* [OE-core][scarthgap 00/21] Patch review
@ 2024-05-20 13:33 Steve Sakoman
0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-05-20 13:33 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Wednesday, May 22
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6937
The following changes since commit 294a7dbe44f6b7c8d3a1de8c2cc182af37c4f916:
build-appliance-image: Update to scarthgap head revision (2024-05-09 04:47:57 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Adriaan Schmidt (1):
libcgroup_3.1.0: fix build on non-systemd systems
Jose Quaresma (2):
go: Drop the linkmode completely
Revert "goarch: disable dynamic linking globally"
Kai Kang (1):
webkitgtk: 2.44.0 -> 2.44.1
Martin Hundebøll (1):
classes: image_types: apply EXTRA_IMAGECMD:squashfs* in
oe_mksquashfs()
Mingli Yu (1):
ncurses: Fix CVE-2023-50495
Peter Marko (6):
openssl: patch CVE-2024-4603
glib-2.0: Upgrade 2.78.4 -> 2.78.5
glib-2.0: Upgrade 2.78.5 -> 2.78.6
glibc: Update to latest on stable 2.39 branch
glibc: Update to latest on stable 2.39 branch
glibc: correct license
Ralph Siemsen (1):
uboot-sign: fix loop in do_uboot_assemble_fitimage
Ross Burton (3):
lib/oe/package-manager: allow including self in create_packages_dir
selftest/classes: add localpkgfeed class
oeqa/selftest/debuginfod: use localpkgfeed to speed server startup
Sven Schwermer (2):
recipetool: Handle unclean response in go resolver
recipetool: Handle several go-import tags in go resolver
Trevor Gamblin (1):
patchtest: test_metadata: fix invalid escape sequences
Wang Mingyu (1):
llvm: upgrade 18.1.2 -> 18.1.3
Zev Weiss (1):
bash: Fix file-substitution error-handling bug
meta-selftest/classes/localpkgfeed.bbclass | 27 ++
meta/classes-recipe/go.bbclass | 2 -
meta/classes-recipe/goarch.bbclass | 14 +-
meta/classes-recipe/image_types.bbclass | 20 +-
meta/classes-recipe/uboot-sign.bbclass | 2 +-
meta/lib/oe/package_manager/__init__.py | 9 +-
meta/lib/oeqa/selftest/cases/debuginfod.py | 14 +-
meta/lib/patchtest/tests/test_metadata.py | 4 +-
.../openssl/openssl/CVE-2024-4603.patch | 179 +++++++++++
.../openssl/openssl_3.2.1.bb | 1 +
.../glib-2.0/glib-2.0/fix-regex.patch | 54 ----
...{glib-2.0_2.78.4.bb => glib-2.0_2.78.6.bb} | 3 +-
meta/recipes-core/glibc/glibc-common.inc | 2 +-
meta/recipes-core/glibc/glibc-version.inc | 2 +-
...y-the-header-between-arm-and-aarch64.patch | 47 ++-
...e-Pass-mcpu-along-with-march-to-dete.patch | 62 ----
...ss.patch => 0023-qemu-stale-process.patch} | 0
meta/recipes-core/glibc/glibc_2.39.bb | 7 +-
...akefile-install-systemd.h-by-default.patch | 37 +++
.../recipes-core/libcgroup/libcgroup_3.1.0.bb | 1 +
.../ncurses/files/CVE-2023-50495.patch | 301 ++++++++++++++++++
meta/recipes-core/ncurses/ncurses_6.4.bb | 1 +
meta/recipes-devtools/go/go-runtime.inc | 2 +-
...r-sort-ClassInfo-lists-by-name-as-we.patch | 6 +-
.../bash/bash/fix-filesubst-errexit.patch | 34 ++
meta/recipes-extended/bash/bash_5.2.21.bb | 1 +
...af379dc70b4b1a63b01d67179eb431f03ac4.patch | 38 ---
...ebkitgtk_2.44.0.bb => webkitgtk_2.44.1.bb} | 3 +-
scripts/lib/recipetool/create_go.py | 34 +-
29 files changed, 685 insertions(+), 222 deletions(-)
create mode 100644 meta-selftest/classes/localpkgfeed.bbclass
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch
delete mode 100644 meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch
rename meta/recipes-core/glib-2.0/{glib-2.0_2.78.4.bb => glib-2.0_2.78.6.bb} (95%)
delete mode 100644 meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch
rename meta/recipes-core/glibc/glibc/{0024-qemu-stale-process.patch => 0023-qemu-stale-process.patch} (100%)
create mode 100644 meta/recipes-core/libcgroup/libcgroup/0001-include-Makefile-install-systemd.h-by-default.patch
create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-50495.patch
create mode 100644 meta/recipes-extended/bash/bash/fix-filesubst-errexit.patch
delete mode 100644 meta/recipes-sato/webkit/webkitgtk/2922af379dc70b4b1a63b01d67179eb431f03ac4.patch
rename meta/recipes-sato/webkit/{webkitgtk_2.44.0.bb => webkitgtk_2.44.1.bb} (98%)
--
2.34.1
^ permalink raw reply [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 00/21] Patch review
@ 2024-06-01 12:24 Steve Sakoman
0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, June 4
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6993
with two exceptions, the first a known reproducibility issue also present
on master:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15491
and the second is a failure on meta-agl-core, which will require an update
to the ptest-runner override in meta-agl once "ptest-runner: Bump to 2.4.4 (95f528c)"
merges.
The following changes since commit 0795169be206f1d4d140fe378e2476a44d0ce02b:
oeqa/selftest/debuginfod: use localpkgfeed to speed server startup (2024-05-19 13:50:01 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Archana Polampalli (5):
ghostscript: fix CVE-2024-33870
ghostscript: fix CVE-2024-33869
ghostscript: fix CVE-2024-33871
ghostscript: fix CVE-2024-29510
xserver-xorg: upgrade 21.1.11 -> 21.1.12
Changqing Li (1):
ptest-runner: Bump to 2.4.4 (95f528c)
Julien Stephan (2):
devtool: standard: update-recipe/finish: fix update localfile in
another layer
oeqa/selftest/devtool: add test for updating local files into another
layer
Khem Raj (3):
llvm: Upgrade to 18.1.4
llvm: Upgrade to 18.1.5
llvm: Switch to using release tarballs
Marek Vasut (1):
gstreamer1.0-plugins-good: Include qttools-native during the build
with qt5 PACKAGECONFIG
Mark Hatle (1):
gcc: Fix for CVE-2024-0151
Peter Marko (2):
ttyrun: define CVE_PRODUCT
update-rc.d: add +git to PV
Philip Lorenz (2):
lib/package_manager/ipk: Do not hardcode payload compression algorithm
ipk: Fix clean up of extracted IPK payload
Rasmus Villemoes (1):
git: set --with-gitconfig=/etc/gitconfig for -native builds
Ricardo Simoes (1):
libusb1: Set CVE_PRODUCT
Soumya Sambu (1):
ncurses: Fix CVE-2023-45918
Yogita Urade (1):
libarchive: upgrade 3.7.2 -> 3.7.4
meta/lib/oe/package_manager/ipk/__init__.py | 14 +-
meta/lib/oeqa/selftest/cases/devtool.py | 20 +-
.../ncurses/files/CVE-2023-45918.patch | 180 ++++++++++
meta/recipes-core/ncurses/ncurses_6.4.bb | 1 +
meta/recipes-core/ttyrun/ttyrun_2.31.0.bb | 2 +
.../update-rc.d/update-rc.d_0.8.bb | 1 +
meta/recipes-devtools/gcc/gcc-13.2.inc | 1 +
.../gcc/gcc/CVE-2024-0151.patch | 315 ++++++++++++++++++
meta/recipes-devtools/git/git_2.44.0.bb | 1 +
.../llvm/{llvm_git.bb => llvm_18.1.5.bb} | 13 +-
.../ghostscript/CVE-2024-29510.patch | 84 +++++
.../ghostscript/CVE-2024-33869-0001.patch | 39 +++
.../ghostscript/CVE-2024-33869-0002.patch | 52 +++
.../ghostscript/CVE-2024-33870.patch | 99 ++++++
.../ghostscript/CVE-2024-33871.patch | 43 +++
.../ghostscript/ghostscript_10.02.1.bb | 5 +
.../libarchive/libarchive/configurehack.patch | 19 +-
...ibarchive_3.7.2.bb => libarchive_3.7.4.bb} | 2 +-
...org_21.1.11.bb => xserver-xorg_21.1.12.bb} | 2 +-
.../gstreamer1.0-plugins-good_1.22.11.bb | 2 +-
meta/recipes-support/libusb/libusb1_1.0.27.bb | 2 +
...-runner_2.4.3.bb => ptest-runner_2.4.4.bb} | 2 +-
scripts/lib/devtool/standard.py | 23 +-
23 files changed, 888 insertions(+), 34 deletions(-)
create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-45918.patch
create mode 100644 meta/recipes-devtools/gcc/gcc/CVE-2024-0151.patch
rename meta/recipes-devtools/llvm/{llvm_git.bb => llvm_18.1.5.bb} (93%)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch
rename meta/recipes-extended/libarchive/{libarchive_3.7.2.bb => libarchive_3.7.4.bb} (96%)
rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.11.bb => xserver-xorg_21.1.12.bb} (92%)
rename meta/recipes-support/ptest-runner/{ptest-runner_2.4.3.bb => ptest-runner_2.4.4.bb} (95%)
--
2.34.1
^ permalink raw reply [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 00/21] Patch review
@ 2024-07-04 12:26 Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 01/21] llvm: Fix CVE-2024-0151 Steve Sakoman
` (20 more replies)
0 siblings, 21 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:26 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Monday, July 8
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7104
The following changes since commit 9abcb18014020804738dfc7d278d7097679f4d19:
classes/create-spdx-2.2: Fix SPDX Namespace Prefix (2024-06-28 06:28:58 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Antonin Godard (1):
devtool: ide-sdk: correct help typo
Archana Polampalli (1):
gstreamer: upgrade 1.22.11 -> 1.22.12
Bruce Ashfield (3):
linux-yocto/6.6: update to v6.6.34
linux-yocto/6.6: update to v6.6.35
linux-yocto/6.6: fix AMD boot trace
Deepthi Hemraj (1):
llvm: Fix CVE-2024-0151
Guðni Már Gilbert (4):
python3-requests: cleanup RDEPENDS
python3-setuptools: drop python3-2to3 from RDEPENDS
python3-bcrypt: drop python3-six from RDEPENDS
python3-pyopenssl: drop python3-six from RDEPENDS
Hitendra Prajapati (1):
QEMU: Fix CVE-2024-3446 & CVE-2024-3567
Jose Quaresma (1):
openssh: fix CVE-2024-6387
Khem Raj (1):
pcmanfm: Disable incompatible-pointer-types warning as error
Martin Jansa (1):
rng-tools: ignore incompatible-pointer-types errors for now
Mingli Yu (1):
ruby: Fix CVE-2023-36617
Richard Purdie (3):
python3-jinja2: Upgrade 3.1.3 -> 3.1.4
oeqa/selftest/recipetool: Fix for usrmerge in DISTRO_FEATURES
oeqa/selftest/devtool: Fix for usrmerge in DISTRO_FEATURES
Ross Burton (1):
curl: locale-base-en-us isn't glibc-specific
Siddharth Doshi (1):
OpenSSL: Security fix for CVE-2024-5535
Yi Zhao (1):
libpam: fix runtime error in pam_pwhistory moudle
meta/lib/oeqa/selftest/cases/devtool.py | 2 +
meta/lib/oeqa/selftest/cases/recipetool.py | 16 +-
.../openssh/openssh/CVE-2024-6387.patch | 27 +
.../openssh/openssh_9.6p1.bb | 1 +
.../openssl/openssl/CVE-2024-5535_1.patch | 113 ++
.../openssl/openssl/CVE-2024-5535_10.patch | 203 +++
.../openssl/openssl/CVE-2024-5535_2.patch | 43 +
.../openssl/openssl/CVE-2024-5535_3.patch | 38 +
.../openssl/openssl/CVE-2024-5535_4.patch | 82 ++
.../openssl/openssl/CVE-2024-5535_5.patch | 176 +++
.../openssl/openssl/CVE-2024-5535_6.patch | 1173 +++++++++++++++++
.../openssl/openssl/CVE-2024-5535_7.patch | 43 +
.../openssl/openssl/CVE-2024-5535_8.patch | 66 +
.../openssl/openssl/CVE-2024-5535_9.patch | 271 ++++
.../openssl/openssl_3.2.2.bb | 10 +
.../llvm/0002-llvm-Fix-CVE-2024-0151.patch | 1086 +++++++++++++++
meta/recipes-devtools/llvm/llvm_18.1.5.bb | 1 +
.../python/python3-bcrypt_4.1.2.bb | 1 -
...inja2_3.1.3.bb => python3-jinja2_3.1.4.bb} | 8 +-
.../python/python3-pyopenssl_24.0.0.bb | 1 -
.../python/python3-requests_2.31.0.bb | 6 +-
.../python/python3-setuptools_69.1.1.bb | 1 -
meta/recipes-devtools/qemu/qemu.inc | 5 +
.../qemu/qemu/CVE-2024-3446-01.patch | 73 +
.../qemu/qemu/CVE-2024-3446-02.patch | 48 +
.../qemu/qemu/CVE-2024-3446-03.patch | 47 +
.../qemu/qemu/CVE-2024-3446-04.patch | 52 +
.../qemu/qemu/CVE-2024-3567.patch | 48 +
.../ruby/ruby/CVE-2023-36617_1.patch | 56 +
.../ruby/ruby/CVE-2023-36617_2.patch | 52 +
meta/recipes-devtools/ruby/ruby_3.2.2.bb | 2 +
...x-passing-NULL-filename-argument-to-.patch | 69 +
meta/recipes-extended/pam/libpam_1.5.3.bb | 1 +
.../linux/linux-yocto-rt_6.6.bb | 6 +-
.../linux/linux-yocto-tiny_6.6.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +-
...ols_1.22.11.bb => gst-devtools_1.22.12.bb} | 2 +-
...22.11.bb => gstreamer1.0-libav_1.22.12.bb} | 2 +-
...1.22.11.bb => gstreamer1.0-omx_1.22.12.bb} | 2 +-
...bb => gstreamer1.0-plugins-bad_1.22.12.bb} | 2 +-
...b => gstreamer1.0-plugins-base_1.22.12.bb} | 2 +-
...b => gstreamer1.0-plugins-good_1.22.12.bb} | 2 +-
...b => gstreamer1.0-plugins-ugly_1.22.12.bb} | 2 +-
...2.11.bb => gstreamer1.0-python_1.22.12.bb} | 2 +-
...bb => gstreamer1.0-rtsp-server_1.22.12.bb} | 2 +-
...22.11.bb => gstreamer1.0-vaapi_1.22.12.bb} | 2 +-
...1.0_1.22.11.bb => gstreamer1.0_1.22.12.bb} | 2 +-
meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb | 2 +
meta/recipes-support/curl/curl_8.7.1.bb | 2 +-
.../rng-tools/rng-tools_6.16.bb | 4 +
scripts/lib/devtool/ide_sdk.py | 2 +-
51 files changed, 3844 insertions(+), 49 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_10.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch
create mode 100644 meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch
rename meta/recipes-devtools/python/{python3-jinja2_3.1.3.bb => python3-jinja2_3.1.4.bb} (79%)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
create mode 100644 meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch
rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.22.11.bb => gst-devtools_1.22.12.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.22.11.bb => gstreamer1.0-libav_1.22.12.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.22.11.bb => gstreamer1.0-omx_1.22.12.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.22.11.bb => gstreamer1.0-plugins-bad_1.22.12.bb} (98%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.22.11.bb => gstreamer1.0-plugins-base_1.22.12.bb} (98%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.22.11.bb => gstreamer1.0-plugins-good_1.22.12.bb} (97%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.22.11.bb => gstreamer1.0-plugins-ugly_1.22.12.bb} (94%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.22.11.bb => gstreamer1.0-python_1.22.12.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.22.11.bb => gstreamer1.0-rtsp-server_1.22.12.bb} (90%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.22.11.bb => gstreamer1.0-vaapi_1.22.12.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.22.11.bb => gstreamer1.0_1.22.12.bb} (97%)
--
2.34.1
^ permalink raw reply [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 01/21] llvm: Fix CVE-2024-0151
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
@ 2024-07-04 12:26 ` Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 02/21] ruby: Fix CVE-2023-36617 Steve Sakoman
` (19 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:26 UTC (permalink / raw)
To: openembedded-core
From: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../llvm/0002-llvm-Fix-CVE-2024-0151.patch | 1086 +++++++++++++++++
meta/recipes-devtools/llvm/llvm_18.1.5.bb | 1 +
2 files changed, 1087 insertions(+)
create mode 100644 meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch
diff --git a/meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch b/meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch
new file mode 100644
index 0000000000..c05685e64d
--- /dev/null
+++ b/meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch
@@ -0,0 +1,1086 @@
+commit 78ff617d3f573fb3a9b2fef180fa0fd43d5584ea
+Author: Lucas Duarte Prates <lucas.prates@arm.com>
+Date: Thu Jun 20 10:22:01 2024 +0100
+
+ [ARM] CMSE security mitigation on function arguments and returned values (#89944)
+
+ The ABI mandates two things related to function calls:
+ - Function arguments must be sign- or zero-extended to the register
+ size by the caller.
+ - Return values must be sign- or zero-extended to the register size by
+ the callee.
+
+ As consequence, callees can assume that function arguments have been
+ extended and so can callers with regards to return values.
+
+ Here lies the problem: Nonsecure code might deliberately ignore this
+ mandate with the intent of attempting an exploit. It might try to pass
+ values that lie outside the expected type's value range in order to
+ trigger undefined behaviour, e.g. out of bounds access.
+
+ With the mitigation implemented, Secure code always performs extension
+ of values passed by Nonsecure code.
+
+ This addresses the vulnerability described in CVE-2024-0151.
+
+ Patches by Victor Campos.
+
+ ---------
+
+ Co-authored-by: Victor Campos <victor.campos@arm.com>
+
+Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/78ff617d3f573fb3a9b2fef180fa0fd43d5584ea]
+CVE: CVE-2024-0151
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+---
+diff --git a/llvm/lib/Target/ARM/ARMISelLowering.cpp b/llvm/lib/Target/ARM/ARMISelLowering.cpp
+index bfe137b95602..5490c3c9df6c 100644
+--- a/llvm/lib/Target/ARM/ARMISelLowering.cpp
++++ b/llvm/lib/Target/ARM/ARMISelLowering.cpp
+@@ -156,6 +156,17 @@ static const MCPhysReg GPRArgRegs[] = {
+ ARM::R0, ARM::R1, ARM::R2, ARM::R3
+ };
+
++static SDValue handleCMSEValue(const SDValue &Value, const ISD::InputArg &Arg,
++ SelectionDAG &DAG, const SDLoc &DL) {
++ assert(Arg.ArgVT.isScalarInteger());
++ assert(Arg.ArgVT.bitsLT(MVT::i32));
++ SDValue Trunc = DAG.getNode(ISD::TRUNCATE, DL, Arg.ArgVT, Value);
++ SDValue Ext =
++ DAG.getNode(Arg.Flags.isSExt() ? ISD::SIGN_EXTEND : ISD::ZERO_EXTEND, DL,
++ MVT::i32, Trunc);
++ return Ext;
++}
++
+ void ARMTargetLowering::addTypeForNEON(MVT VT, MVT PromotedLdStVT) {
+ if (VT != PromotedLdStVT) {
+ setOperationAction(ISD::LOAD, VT, Promote);
+@@ -2196,7 +2207,7 @@ SDValue ARMTargetLowering::LowerCallResult(
+ SDValue Chain, SDValue InGlue, CallingConv::ID CallConv, bool isVarArg,
+ const SmallVectorImpl<ISD::InputArg> &Ins, const SDLoc &dl,
+ SelectionDAG &DAG, SmallVectorImpl<SDValue> &InVals, bool isThisReturn,
+- SDValue ThisVal) const {
++ SDValue ThisVal, bool isCmseNSCall) const {
+ // Assign locations to each value returned by this call.
+ SmallVector<CCValAssign, 16> RVLocs;
+ CCState CCInfo(CallConv, isVarArg, DAG.getMachineFunction(), RVLocs,
+@@ -2274,6 +2285,15 @@ SDValue ARMTargetLowering::LowerCallResult(
+ (VA.getValVT() == MVT::f16 || VA.getValVT() == MVT::bf16))
+ Val = MoveToHPR(dl, DAG, VA.getLocVT(), VA.getValVT(), Val);
+
++ // On CMSE Non-secure Calls, call results (returned values) whose bitwidth
++ // is less than 32 bits must be sign- or zero-extended after the call for
++ // security reasons. Although the ABI mandates an extension done by the
++ // callee, the latter cannot be trusted to follow the rules of the ABI.
++ const ISD::InputArg &Arg = Ins[VA.getValNo()];
++ if (isCmseNSCall && Arg.ArgVT.isScalarInteger() &&
++ VA.getLocVT().isScalarInteger() && Arg.ArgVT.bitsLT(MVT::i32))
++ Val = handleCMSEValue(Val, Arg, DAG, dl);
++
+ InVals.push_back(Val);
+ }
+
+@@ -2888,7 +2908,7 @@ ARMTargetLowering::LowerCall(TargetLowering::CallLoweringInfo &CLI,
+ // return.
+ return LowerCallResult(Chain, InGlue, CallConv, isVarArg, Ins, dl, DAG,
+ InVals, isThisReturn,
+- isThisReturn ? OutVals[0] : SDValue());
++ isThisReturn ? OutVals[0] : SDValue(), isCmseNSCall);
+ }
+
+ /// HandleByVal - Every parameter *after* a byval parameter is passed
+@@ -4485,8 +4505,6 @@ SDValue ARMTargetLowering::LowerFormalArguments(
+ *DAG.getContext());
+ CCInfo.AnalyzeFormalArguments(Ins, CCAssignFnForCall(CallConv, isVarArg));
+
+- SmallVector<SDValue, 16> ArgValues;
+- SDValue ArgValue;
+ Function::const_arg_iterator CurOrigArg = MF.getFunction().arg_begin();
+ unsigned CurArgIdx = 0;
+
+@@ -4541,6 +4559,7 @@ SDValue ARMTargetLowering::LowerFormalArguments(
+ // Arguments stored in registers.
+ if (VA.isRegLoc()) {
+ EVT RegVT = VA.getLocVT();
++ SDValue ArgValue;
+
+ if (VA.needsCustom() && VA.getLocVT() == MVT::v2f64) {
+ // f64 and vector types are split up into multiple registers or
+@@ -4604,16 +4623,6 @@ SDValue ARMTargetLowering::LowerFormalArguments(
+ case CCValAssign::BCvt:
+ ArgValue = DAG.getNode(ISD::BITCAST, dl, VA.getValVT(), ArgValue);
+ break;
+- case CCValAssign::SExt:
+- ArgValue = DAG.getNode(ISD::AssertSext, dl, RegVT, ArgValue,
+- DAG.getValueType(VA.getValVT()));
+- ArgValue = DAG.getNode(ISD::TRUNCATE, dl, VA.getValVT(), ArgValue);
+- break;
+- case CCValAssign::ZExt:
+- ArgValue = DAG.getNode(ISD::AssertZext, dl, RegVT, ArgValue,
+- DAG.getValueType(VA.getValVT()));
+- ArgValue = DAG.getNode(ISD::TRUNCATE, dl, VA.getValVT(), ArgValue);
+- break;
+ }
+
+ // f16 arguments have their size extended to 4 bytes and passed as if they
+@@ -4623,6 +4632,15 @@ SDValue ARMTargetLowering::LowerFormalArguments(
+ (VA.getValVT() == MVT::f16 || VA.getValVT() == MVT::bf16))
+ ArgValue = MoveToHPR(dl, DAG, VA.getLocVT(), VA.getValVT(), ArgValue);
+
++ // On CMSE Entry Functions, formal integer arguments whose bitwidth is
++ // less than 32 bits must be sign- or zero-extended in the callee for
++ // security reasons. Although the ABI mandates an extension done by the
++ // caller, the latter cannot be trusted to follow the rules of the ABI.
++ const ISD::InputArg &Arg = Ins[VA.getValNo()];
++ if (AFI->isCmseNSEntryFunction() && Arg.ArgVT.isScalarInteger() &&
++ RegVT.isScalarInteger() && Arg.ArgVT.bitsLT(MVT::i32))
++ ArgValue = handleCMSEValue(ArgValue, Arg, DAG, dl);
++
+ InVals.push_back(ArgValue);
+ } else { // VA.isRegLoc()
+ // Only arguments passed on the stack should make it here.
+diff --git a/llvm/lib/Target/ARM/ARMISelLowering.h b/llvm/lib/Target/ARM/ARMISelLowering.h
+index 62a52bdb03f7..a255e9b6fc36 100644
+--- a/llvm/lib/Target/ARM/ARMISelLowering.h
++++ b/llvm/lib/Target/ARM/ARMISelLowering.h
+@@ -891,7 +891,7 @@ class VectorType;
+ const SmallVectorImpl<ISD::InputArg> &Ins,
+ const SDLoc &dl, SelectionDAG &DAG,
+ SmallVectorImpl<SDValue> &InVals, bool isThisReturn,
+- SDValue ThisVal) const;
++ SDValue ThisVal, bool isCmseNSCall) const;
+
+ bool supportSplitCSR(MachineFunction *MF) const override {
+ return MF->getFunction().getCallingConv() == CallingConv::CXX_FAST_TLS &&
+diff --git a/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll b/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll
+new file mode 100644
+index 0000000000..58eef443c25e
+--- /dev/null
++++ b/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll
+@@ -0,0 +1,552 @@
++; RUN: llc %s -mtriple=thumbv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-LE
++; RUN: llc %s -mtriple=thumbebv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-BE
++; RUN: llc %s -mtriple=thumbv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-LE
++; RUN: llc %s -mtriple=thumbebv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-BE
++
++@get_idx = hidden local_unnamed_addr global ptr null, align 4
++@arr = hidden local_unnamed_addr global [256 x i32] zeroinitializer, align 4
++
++define i32 @access_i16() {
++; V8M-COMMON-LABEL: access_i16:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: push {r7, lr}
++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT: ldr r0, [r0]
++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: bic r0, r0, #1
++; V8M-COMMON-NEXT: sub sp, #136
++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT: mov r1, r0
++; V8M-COMMON-NEXT: mov r2, r0
++; V8M-COMMON-NEXT: mov r3, r0
++; V8M-COMMON-NEXT: mov r4, r0
++; V8M-COMMON-NEXT: mov r5, r0
++; V8M-COMMON-NEXT: mov r6, r0
++; V8M-COMMON-NEXT: mov r7, r0
++; V8M-COMMON-NEXT: mov r8, r0
++; V8M-COMMON-NEXT: mov r9, r0
++; V8M-COMMON-NEXT: mov r10, r0
++; V8M-COMMON-NEXT: mov r11, r0
++; V8M-COMMON-NEXT: mov r12, r0
++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT: blxns r0
++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT: add sp, #136
++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: sxth r0, r0
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i16:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: push {r7, lr}
++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT: ldr r0, [r0]
++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: bic r0, r0, #1
++; V81M-COMMON-NEXT: sub sp, #136
++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT: blxns r0
++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT: add sp, #136
++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: sxth r0, r0
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: pop {r7, pc}
++entry:
++ %0 = load ptr, ptr @get_idx, align 4
++ %call = tail call signext i16 %0() "cmse_nonsecure_call"
++ %idxprom = sext i16 %call to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %1 = load i32, ptr %arrayidx, align 4
++ ret i32 %1
++}
++
++define i32 @access_u16() {
++; V8M-COMMON-LABEL: access_u16:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: push {r7, lr}
++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT: ldr r0, [r0]
++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: bic r0, r0, #1
++; V8M-COMMON-NEXT: sub sp, #136
++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT: mov r1, r0
++; V8M-COMMON-NEXT: mov r2, r0
++; V8M-COMMON-NEXT: mov r3, r0
++; V8M-COMMON-NEXT: mov r4, r0
++; V8M-COMMON-NEXT: mov r5, r0
++; V8M-COMMON-NEXT: mov r6, r0
++; V8M-COMMON-NEXT: mov r7, r0
++; V8M-COMMON-NEXT: mov r8, r0
++; V8M-COMMON-NEXT: mov r9, r0
++; V8M-COMMON-NEXT: mov r10, r0
++; V8M-COMMON-NEXT: mov r11, r0
++; V8M-COMMON-NEXT: mov r12, r0
++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT: blxns r0
++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT: add sp, #136
++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: uxth r0, r0
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_u16:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: push {r7, lr}
++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT: ldr r0, [r0]
++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: bic r0, r0, #1
++; V81M-COMMON-NEXT: sub sp, #136
++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT: blxns r0
++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT: add sp, #136
++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: uxth r0, r0
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: pop {r7, pc}
++entry:
++ %0 = load ptr, ptr @get_idx, align 4
++ %call = tail call zeroext i16 %0() "cmse_nonsecure_call"
++ %idxprom = zext i16 %call to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %1 = load i32, ptr %arrayidx, align 4
++ ret i32 %1
++}
++
++define i32 @access_i8() {
++; V8M-COMMON-LABEL: access_i8:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: push {r7, lr}
++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT: ldr r0, [r0]
++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: bic r0, r0, #1
++; V8M-COMMON-NEXT: sub sp, #136
++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT: mov r1, r0
++; V8M-COMMON-NEXT: mov r2, r0
++; V8M-COMMON-NEXT: mov r3, r0
++; V8M-COMMON-NEXT: mov r4, r0
++; V8M-COMMON-NEXT: mov r5, r0
++; V8M-COMMON-NEXT: mov r6, r0
++; V8M-COMMON-NEXT: mov r7, r0
++; V8M-COMMON-NEXT: mov r8, r0
++; V8M-COMMON-NEXT: mov r9, r0
++; V8M-COMMON-NEXT: mov r10, r0
++; V8M-COMMON-NEXT: mov r11, r0
++; V8M-COMMON-NEXT: mov r12, r0
++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT: blxns r0
++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT: add sp, #136
++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: sxtb r0, r0
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i8:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: push {r7, lr}
++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT: ldr r0, [r0]
++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: bic r0, r0, #1
++; V81M-COMMON-NEXT: sub sp, #136
++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT: blxns r0
++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT: add sp, #136
++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: sxtb r0, r0
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: pop {r7, pc}
++entry:
++ %0 = load ptr, ptr @get_idx, align 4
++ %call = tail call signext i8 %0() "cmse_nonsecure_call"
++ %idxprom = sext i8 %call to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %1 = load i32, ptr %arrayidx, align 4
++ ret i32 %1
++}
++
++define i32 @access_u8() {
++; V8M-COMMON-LABEL: access_u8:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: push {r7, lr}
++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT: ldr r0, [r0]
++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: bic r0, r0, #1
++; V8M-COMMON-NEXT: sub sp, #136
++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT: mov r1, r0
++; V8M-COMMON-NEXT: mov r2, r0
++; V8M-COMMON-NEXT: mov r3, r0
++; V8M-COMMON-NEXT: mov r4, r0
++; V8M-COMMON-NEXT: mov r5, r0
++; V8M-COMMON-NEXT: mov r6, r0
++; V8M-COMMON-NEXT: mov r7, r0
++; V8M-COMMON-NEXT: mov r8, r0
++; V8M-COMMON-NEXT: mov r9, r0
++; V8M-COMMON-NEXT: mov r10, r0
++; V8M-COMMON-NEXT: mov r11, r0
++; V8M-COMMON-NEXT: mov r12, r0
++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT: blxns r0
++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT: add sp, #136
++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: uxtb r0, r0
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_u8:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: push {r7, lr}
++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT: ldr r0, [r0]
++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: bic r0, r0, #1
++; V81M-COMMON-NEXT: sub sp, #136
++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT: blxns r0
++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT: add sp, #136
++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: uxtb r0, r0
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: pop {r7, pc}
++entry:
++ %0 = load ptr, ptr @get_idx, align 4
++ %call = tail call zeroext i8 %0() "cmse_nonsecure_call"
++ %idxprom = zext i8 %call to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %1 = load i32, ptr %arrayidx, align 4
++ ret i32 %1
++}
++
++define i32 @access_i1() {
++; V8M-COMMON-LABEL: access_i1:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: push {r7, lr}
++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT: ldr r0, [r0]
++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: bic r0, r0, #1
++; V8M-COMMON-NEXT: sub sp, #136
++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT: mov r1, r0
++; V8M-COMMON-NEXT: mov r2, r0
++; V8M-COMMON-NEXT: mov r3, r0
++; V8M-COMMON-NEXT: mov r4, r0
++; V8M-COMMON-NEXT: mov r5, r0
++; V8M-COMMON-NEXT: mov r6, r0
++; V8M-COMMON-NEXT: mov r7, r0
++; V8M-COMMON-NEXT: mov r8, r0
++; V8M-COMMON-NEXT: mov r9, r0
++; V8M-COMMON-NEXT: mov r10, r0
++; V8M-COMMON-NEXT: mov r11, r0
++; V8M-COMMON-NEXT: mov r12, r0
++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT: blxns r0
++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT: add sp, #136
++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: and r0, r0, #1
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i1:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: push {r7, lr}
++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT: ldr r0, [r0]
++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: bic r0, r0, #1
++; V81M-COMMON-NEXT: sub sp, #136
++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT: blxns r0
++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT: add sp, #136
++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: and r0, r0, #1
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: pop {r7, pc}
++entry:
++ %0 = load ptr, ptr @get_idx, align 4
++ %call = tail call zeroext i1 %0() "cmse_nonsecure_call"
++ %idxprom = zext i1 %call to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %1 = load i32, ptr %arrayidx, align 4
++ ret i32 %1
++}
++
++define i32 @access_i5() {
++; V8M-COMMON-LABEL: access_i5:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: push {r7, lr}
++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT: ldr r0, [r0]
++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: bic r0, r0, #1
++; V8M-COMMON-NEXT: sub sp, #136
++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT: mov r1, r0
++; V8M-COMMON-NEXT: mov r2, r0
++; V8M-COMMON-NEXT: mov r3, r0
++; V8M-COMMON-NEXT: mov r4, r0
++; V8M-COMMON-NEXT: mov r5, r0
++; V8M-COMMON-NEXT: mov r6, r0
++; V8M-COMMON-NEXT: mov r7, r0
++; V8M-COMMON-NEXT: mov r8, r0
++; V8M-COMMON-NEXT: mov r9, r0
++; V8M-COMMON-NEXT: mov r10, r0
++; V8M-COMMON-NEXT: mov r11, r0
++; V8M-COMMON-NEXT: mov r12, r0
++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT: blxns r0
++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT: add sp, #136
++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: sbfx r0, r0, #0, #5
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i5:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: push {r7, lr}
++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT: ldr r0, [r0]
++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: bic r0, r0, #1
++; V81M-COMMON-NEXT: sub sp, #136
++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT: blxns r0
++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT: add sp, #136
++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: sbfx r0, r0, #0, #5
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: pop {r7, pc}
++entry:
++ %0 = load ptr, ptr @get_idx, align 4
++ %call = tail call signext i5 %0() "cmse_nonsecure_call"
++ %idxprom = sext i5 %call to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %1 = load i32, ptr %arrayidx, align 4
++ ret i32 %1
++}
++
++define i32 @access_u5() {
++; V8M-COMMON-LABEL: access_u5:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: push {r7, lr}
++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT: ldr r0, [r0]
++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: bic r0, r0, #1
++; V8M-COMMON-NEXT: sub sp, #136
++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT: mov r1, r0
++; V8M-COMMON-NEXT: mov r2, r0
++; V8M-COMMON-NEXT: mov r3, r0
++; V8M-COMMON-NEXT: mov r4, r0
++; V8M-COMMON-NEXT: mov r5, r0
++; V8M-COMMON-NEXT: mov r6, r0
++; V8M-COMMON-NEXT: mov r7, r0
++; V8M-COMMON-NEXT: mov r8, r0
++; V8M-COMMON-NEXT: mov r9, r0
++; V8M-COMMON-NEXT: mov r10, r0
++; V8M-COMMON-NEXT: mov r11, r0
++; V8M-COMMON-NEXT: mov r12, r0
++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT: blxns r0
++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT: add sp, #136
++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: and r0, r0, #31
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_u5:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: push {r7, lr}
++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT: ldr r0, [r0]
++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: bic r0, r0, #1
++; V81M-COMMON-NEXT: sub sp, #136
++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT: blxns r0
++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT: add sp, #136
++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: and r0, r0, #31
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: pop {r7, pc}
++entry:
++ %0 = load ptr, ptr @get_idx, align 4
++ %call = tail call zeroext i5 %0() "cmse_nonsecure_call"
++ %idxprom = zext i5 %call to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %1 = load i32, ptr %arrayidx, align 4
++ ret i32 %1
++}
++
++define i32 @access_i33(ptr %f) {
++; V8M-COMMON-LABEL: access_i33:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: push {r7, lr}
++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: bic r0, r0, #1
++; V8M-COMMON-NEXT: sub sp, #136
++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT: mov r1, r0
++; V8M-COMMON-NEXT: mov r2, r0
++; V8M-COMMON-NEXT: mov r3, r0
++; V8M-COMMON-NEXT: mov r4, r0
++; V8M-COMMON-NEXT: mov r5, r0
++; V8M-COMMON-NEXT: mov r6, r0
++; V8M-COMMON-NEXT: mov r7, r0
++; V8M-COMMON-NEXT: mov r8, r0
++; V8M-COMMON-NEXT: mov r9, r0
++; V8M-COMMON-NEXT: mov r10, r0
++; V8M-COMMON-NEXT: mov r11, r0
++; V8M-COMMON-NEXT: mov r12, r0
++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT: blxns r0
++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT: add sp, #136
++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-LE-NEXT: and r0, r1, #1
++; V8M-BE-NEXT: and r0, r0, #1
++; V8M-COMMON-NEXT: rsb.w r0, r0, #0
++; V8M-COMMON-NEXT: pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i33:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: push {r7, lr}
++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: bic r0, r0, #1
++; V81M-COMMON-NEXT: sub sp, #136
++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT: blxns r0
++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT: add sp, #136
++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-LE-NEXT: and r0, r1, #1
++; V81M-BE-NEXT: and r0, r0, #1
++; V81M-COMMON-NEXT: rsb.w r0, r0, #0
++; V81M-COMMON-NEXT: pop {r7, pc}
++entry:
++ %call = tail call i33 %f() "cmse_nonsecure_call"
++ %shr = ashr i33 %call, 32
++ %conv = trunc nsw i33 %shr to i32
++ ret i32 %conv
++}
++
++define i32 @access_u33(ptr %f) {
++; V8M-COMMON-LABEL: access_u33:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: push {r7, lr}
++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT: bic r0, r0, #1
++; V8M-COMMON-NEXT: sub sp, #136
++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT: mov r1, r0
++; V8M-COMMON-NEXT: mov r2, r0
++; V8M-COMMON-NEXT: mov r3, r0
++; V8M-COMMON-NEXT: mov r4, r0
++; V8M-COMMON-NEXT: mov r5, r0
++; V8M-COMMON-NEXT: mov r6, r0
++; V8M-COMMON-NEXT: mov r7, r0
++; V8M-COMMON-NEXT: mov r8, r0
++; V8M-COMMON-NEXT: mov r9, r0
++; V8M-COMMON-NEXT: mov r10, r0
++; V8M-COMMON-NEXT: mov r11, r0
++; V8M-COMMON-NEXT: mov r12, r0
++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT: blxns r0
++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT: add sp, #136
++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-LE-NEXT: and r0, r1, #1
++; V8M-BE-NEXT: and r0, r0, #1
++; V8M-COMMON-NEXT: pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_u33:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: push {r7, lr}
++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT: bic r0, r0, #1
++; V81M-COMMON-NEXT: sub sp, #136
++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT: blxns r0
++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT: add sp, #136
++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-LE-NEXT: and r0, r1, #1
++; V81M-BE-NEXT: and r0, r0, #1
++; V81M-COMMON-NEXT: pop {r7, pc}
++entry:
++ %call = tail call i33 %f() "cmse_nonsecure_call"
++ %shr = lshr i33 %call, 32
++ %conv = trunc nuw nsw i33 %shr to i32
++ ret i32 %conv
++}
+diff --git a/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll b/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll
+new file mode 100644
+index 0000000000..c66ab00566dd
+--- /dev/null
++++ b/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll
+@@ -0,0 +1,368 @@
++; RUN: llc %s -mtriple=thumbv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-LE
++; RUN: llc %s -mtriple=thumbebv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-BE
++; RUN: llc %s -mtriple=thumbv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-LE
++; RUN: llc %s -mtriple=thumbebv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-BE
++
++@arr = hidden local_unnamed_addr global [256 x i32] zeroinitializer, align 4
++
++define i32 @access_i16(i16 signext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i16:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: sxth r0, r0
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: mov r2, lr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: mov r1, lr
++; V8M-COMMON-NEXT: mov r3, lr
++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT: mov r12, lr
++; V8M-COMMON-NEXT: bxns lr
++;
++; V81M-COMMON-LABEL: access_i16:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: sxth r0, r0
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT: bxns lr
++entry:
++ %idxprom = sext i16 %idx to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %0 = load i32, ptr %arrayidx, align 4
++ ret i32 %0
++}
++
++define i32 @access_u16(i16 zeroext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u16:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: uxth r0, r0
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: mov r2, lr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: mov r1, lr
++; V8M-COMMON-NEXT: mov r3, lr
++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT: mov r12, lr
++; V8M-COMMON-NEXT: bxns lr
++;
++; V81M-COMMON-LABEL: access_u16:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: uxth r0, r0
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT: bxns lr
++entry:
++ %idxprom = zext i16 %idx to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %0 = load i32, ptr %arrayidx, align 4
++ ret i32 %0
++}
++
++define i32 @access_i8(i8 signext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i8:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: sxtb r0, r0
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: mov r2, lr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: mov r1, lr
++; V8M-COMMON-NEXT: mov r3, lr
++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT: mov r12, lr
++; V8M-COMMON-NEXT: bxns lr
++;
++; V81M-COMMON-LABEL: access_i8:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: sxtb r0, r0
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT: bxns lr
++entry:
++ %idxprom = sext i8 %idx to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %0 = load i32, ptr %arrayidx, align 4
++ ret i32 %0
++}
++
++define i32 @access_u8(i8 zeroext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u8:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: uxtb r0, r0
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: mov r2, lr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: mov r1, lr
++; V8M-COMMON-NEXT: mov r3, lr
++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT: mov r12, lr
++; V8M-COMMON-NEXT: bxns lr
++;
++; V81M-COMMON-LABEL: access_u8:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: uxtb r0, r0
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT: bxns lr
++entry:
++ %idxprom = zext i8 %idx to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %0 = load i32, ptr %arrayidx, align 4
++ ret i32 %0
++}
++
++define i32 @access_i1(i1 signext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i1:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: and r0, r0, #1
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: rsbs r0, r0, #0
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: and r0, r0, #1
++; V8M-COMMON-NEXT: mov r2, lr
++; V8M-COMMON-NEXT: mov r3, lr
++; V8M-COMMON-NEXT: mov r12, lr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: mov r1, lr
++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT: bxns lr
++;
++; V81M-COMMON-LABEL: access_i1:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT: and r0, r0, #1
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: rsbs r0, r0, #0
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: and r0, r0, #1
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT: bxns lr
++entry:
++ %idxprom = zext i1 %idx to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %0 = load i32, ptr %arrayidx, align 4
++ ret i32 %0
++}
++
++define i32 @access_i5(i5 signext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i5:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: sbfx r0, r0, #0, #5
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: mov r2, lr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: mov r1, lr
++; V8M-COMMON-NEXT: mov r3, lr
++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT: mov r12, lr
++; V8M-COMMON-NEXT: bxns lr
++;
++; V81M-COMMON-LABEL: access_i5:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: sbfx r0, r0, #0, #5
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT: bxns lr
++entry:
++ %idxprom = sext i5 %idx to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %0 = load i32, ptr %arrayidx, align 4
++ ret i32 %0
++}
++
++define i32 @access_u5(i5 zeroext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u5:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: movw r1, :lower16:arr
++; V8M-COMMON-NEXT: and r0, r0, #31
++; V8M-COMMON-NEXT: movt r1, :upper16:arr
++; V8M-COMMON-NEXT: mov r2, lr
++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT: mov r1, lr
++; V8M-COMMON-NEXT: mov r3, lr
++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT: mov r12, lr
++; V8M-COMMON-NEXT: bxns lr
++;
++; V81M-COMMON-LABEL: access_u5:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT: movw r1, :lower16:arr
++; V81M-COMMON-NEXT: and r0, r0, #31
++; V81M-COMMON-NEXT: movt r1, :upper16:arr
++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT: bxns lr
++entry:
++ %idxprom = zext i5 %idx to i32
++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++ %0 = load i32, ptr %arrayidx, align 4
++ ret i32 %0
++}
++
++define i32 @access_i33(i33 %arg) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i33:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-LE-NEXT: and r0, r1, #1
++; V8M-BE-NEXT: and r0, r0, #1
++; V8M-COMMON-NEXT: mov r1, lr
++; V8M-COMMON-NEXT: rsbs r0, r0, #0
++; V8M-COMMON-NEXT: mov r2, lr
++; V8M-COMMON-NEXT: mov r3, lr
++; V8M-COMMON-NEXT: mov r12, lr
++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT: bxns lr
++;
++; V81M-COMMON-LABEL: access_i33:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]!
++; V81M-LE-NEXT: and r0, r1, #1
++; V81M-BE-NEXT: and r0, r0, #1
++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT: rsbs r0, r0, #0
++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT: bxns lr
++entry:
++ %shr = ashr i33 %arg, 32
++ %conv = trunc nsw i33 %shr to i32
++ ret i32 %conv
++}
++
++define i32 @access_u33(i33 %arg) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u33:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-LE-NEXT: and r0, r1, #1
++; V8M-BE-NEXT: and r0, r0, #1
++; V8M-COMMON-NEXT: mov r1, lr
++; V8M-COMMON-NEXT: mov r2, lr
++; V8M-COMMON-NEXT: mov r3, lr
++; V8M-COMMON-NEXT: mov r12, lr
++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT: bxns lr
++;
++; V81M-COMMON-LABEL: access_u33:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]!
++; V81M-LE-NEXT: and r0, r1, #1
++; V81M-BE-NEXT: and r0, r0, #1
++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT: bxns lr
++entry:
++ %shr = lshr i33 %arg, 32
++ %conv = trunc nuw nsw i33 %shr to i32
++ ret i32 %conv
++}
++
++define i32 @access_i65(ptr byval(i65) %0) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i65:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: sub sp, #16
++; V8M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3}
++; V8M-LE-NEXT: ldrb.w r0, [sp, #8]
++; V8M-LE-NEXT: and r0, r0, #1
++; V8M-LE-NEXT: rsbs r0, r0, #0
++; V8M-BE-NEXT: movs r1, #0
++; V8M-BE-NEXT: sub.w r0, r1, r0, lsr #24
++; V8M-COMMON-NEXT: add sp, #16
++; V8M-COMMON-NEXT: mov r1, lr
++; V8M-COMMON-NEXT: mov r2, lr
++; V8M-COMMON-NEXT: mov r3, lr
++; V8M-COMMON-NEXT: mov r12, lr
++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT: bxns lr
++;
++; V81M-COMMON-LABEL: access_i65:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT: sub sp, #16
++; V81M-COMMON-NEXT: add sp, #4
++; V81M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3}
++; V81M-LE-NEXT: ldrb.w r0, [sp, #8]
++; V81M-LE-NEXT: and r0, r0, #1
++; V81M-LE-NEXT: rsbs r0, r0, #0
++; V81M-BE-NEXT: movs r1, #0
++; V81M-BE-NEXT: sub.w r0, r1, r0, lsr #24
++; V81M-COMMON-NEXT: sub sp, #4
++; V81M-COMMON-NEXT: add sp, #16
++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT: bxns lr
++entry:
++ %arg = load i65, ptr %0, align 8
++ %shr = ashr i65 %arg, 64
++ %conv = trunc nsw i65 %shr to i32
++ ret i32 %conv
++}
++
++define i32 @access_u65(ptr byval(i65) %0) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u65:
++; V8M-COMMON: @ %bb.0: @ %entry
++; V8M-COMMON-NEXT: sub sp, #16
++; V8M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3}
++; V8M-LE-NEXT: ldrb.w r0, [sp, #8]
++; V8M-BE-NEXT: lsrs r0, r0, #24
++; V8M-COMMON-NEXT: add sp, #16
++; V8M-COMMON-NEXT: mov r1, lr
++; V8M-COMMON-NEXT: mov r2, lr
++; V8M-COMMON-NEXT: mov r3, lr
++; V8M-COMMON-NEXT: mov r12, lr
++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT: bxns lr
++;
++; V81M-COMMON-LABEL: access_u65:
++; V81M-COMMON: @ %bb.0: @ %entry
++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT: sub sp, #16
++; V81M-COMMON-NEXT: add sp, #4
++; V81M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3}
++; V81M-LE-NEXT: ldrb.w r0, [sp, #8]
++; V81M-BE-NEXT: lsrs r0, r0, #24
++; V81M-COMMON-NEXT: sub sp, #4
++; V81M-COMMON-NEXT: add sp, #16
++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT: bxns lr
++entry:
++ %arg = load i65, ptr %0, align 8
++ %shr = lshr i65 %arg, 64
++ %conv = trunc nuw nsw i65 %shr to i32
++ ret i32 %conv
++}
diff --git a/meta/recipes-devtools/llvm/llvm_18.1.5.bb b/meta/recipes-devtools/llvm/llvm_18.1.5.bb
index 4b6763e580..b03cf1465e 100644
--- a/meta/recipes-devtools/llvm/llvm_18.1.5.bb
+++ b/meta/recipes-devtools/llvm/llvm_18.1.5.bb
@@ -25,6 +25,7 @@ LLVM_RELEASE = "${PV}"
SRC_URI = "https://github.com/llvm/llvm-project/releases/download/llvmorg-${PV}/llvm-project-${PV}.src.tar.xz \
file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
+ file://0002-llvm-Fix-CVE-2024-0151.patch;striplevel=2 \
file://llvm-config \
"
SRC_URI[sha256sum] = "3591a52761a7d390ede51af01ea73abfecc4b1d16445f9d019b67a57edd7de56"
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 02/21] ruby: Fix CVE-2023-36617
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 01/21] llvm: Fix CVE-2024-0151 Steve Sakoman
@ 2024-07-04 12:26 ` Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 03/21] openssh: fix CVE-2024-6387 Steve Sakoman
` (18 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:26 UTC (permalink / raw)
To: openembedded-core
From: Mingli Yu <mingli.yu@windriver.com>
Backport two patches [1] [2] to fix CVE-2023-36617 [3].
[1] https://github.com/ruby/uri/commit/9010ee2536adda10a0555ae1ed6fe2f5808e6bf1
[2] https://github.com/ruby/uri/commit/9d7bcef1e6ad23c9c6e4932f297fb737888144c8
[3] https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ruby/ruby/CVE-2023-36617_1.patch | 56 +++++++++++++++++++
.../ruby/ruby/CVE-2023-36617_2.patch | 52 +++++++++++++++++
meta/recipes-devtools/ruby/ruby_3.2.2.bb | 2 +
3 files changed, 110 insertions(+)
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
new file mode 100644
index 0000000000..17c7e30176
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
@@ -0,0 +1,56 @@
+From 2ebb50d2dc302917a6f57c1239dc9e700dfe0e34 Mon Sep 17 00:00:00 2001
+From: Nobuyoshi Nakada <nobu@ruby-lang.org>
+Date: Thu, 27 Jul 2023 15:53:01 +0800
+Subject: [PATCH] Fix quadratic backtracking on invalid relative URI
+
+https://hackerone.com/reports/1958260
+
+CVE: CVE-2023-36617
+
+Upstream-Status: Backport [https://github.com/ruby/uri/commit/9010ee2536adda10a0555ae1ed6fe2f5808e6bf1]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ lib/uri/rfc2396_parser.rb | 4 ++--
+ test/uri/test_parser.rb | 12 ++++++++++++
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/lib/uri/rfc2396_parser.rb b/lib/uri/rfc2396_parser.rb
+index 76a8f99..00c66cf 100644
+--- a/lib/uri/rfc2396_parser.rb
++++ b/lib/uri/rfc2396_parser.rb
+@@ -497,8 +497,8 @@ module URI
+ ret = {}
+
+ # for URI::split
+- ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
+- ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
++ ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
++ ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
+
+ # for URI::extract
+ ret[:URI_REF] = Regexp.new(pattern[:URI_REF])
+diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb
+index 72fb590..721e05e 100644
+--- a/test/uri/test_parser.rb
++++ b/test/uri/test_parser.rb
+@@ -79,4 +79,16 @@ class URI::TestParser < Test::Unit::TestCase
+ assert_equal([nil, nil, "example.com", nil, nil, "", nil, nil, nil], URI.split("//example.com"))
+ assert_equal([nil, nil, "[0::0]", nil, nil, "", nil, nil, nil], URI.split("//[0::0]"))
+ end
++
++ def test_rfc2822_parse_relative_uri
++ pre = ->(length) {
++ " " * length + "\0"
++ }
++ parser = URI::RFC2396_Parser.new
++ assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |uri|
++ assert_raise(URI::InvalidURIError) do
++ parser.split(uri)
++ end
++ end
++ end
+ end
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
new file mode 100644
index 0000000000..7c51deaa42
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
@@ -0,0 +1,52 @@
+From eea5868120509c245216c4b5c2d4b5db1c593d0e Mon Sep 17 00:00:00 2001
+From: Nobuyoshi Nakada <nobu@ruby-lang.org>
+Date: Thu, 27 Jul 2023 16:16:30 +0800
+Subject: [PATCH] Fix quadratic backtracking on invalid port number
+
+https://hackerone.com/reports/1958260
+
+CVE: CVE-2023-36617
+
+Upstream-Status: Backport [https://github.com/ruby/uri/commit/9d7bcef1e6ad23c9c6e4932f297fb737888144c8]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ lib/uri/rfc3986_parser.rb | 2 +-
+ test/uri/test_parser.rb | 10 ++++++++++
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb
+index dd24a40..9b1663d 100644
+--- a/lib/uri/rfc3986_parser.rb
++++ b/lib/uri/rfc3986_parser.rb
+@@ -100,7 +100,7 @@ module URI
+ QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
+ FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
+ OPAQUE: /\A(?:[^\/].*)?\z/,
+- PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/,
++ PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/,
+ }
+ end
+
+diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb
+index 721e05e..cee0acb 100644
+--- a/test/uri/test_parser.rb
++++ b/test/uri/test_parser.rb
+@@ -91,4 +91,14 @@ class URI::TestParser < Test::Unit::TestCase
+ end
+ end
+ end
++
++ def test_rfc3986_port_check
++ pre = ->(length) {"\t" * length + "a"}
++ uri = URI.parse("http://my.example.com")
++ assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |port|
++ assert_raise(URI::InvalidComponentError) do
++ uri.port = port
++ end
++ end
++ end
+ end
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/ruby/ruby_3.2.2.bb b/meta/recipes-devtools/ruby/ruby_3.2.2.bb
index 481fe7c23d..d1359e388c 100644
--- a/meta/recipes-devtools/ruby/ruby_3.2.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.2.2.bb
@@ -31,6 +31,8 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
file://0006-Make-gemspecs-reproducible.patch \
file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \
file://0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch \
+ file://CVE-2023-36617_1.patch \
+ file://CVE-2023-36617_2.patch \
"
UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 03/21] openssh: fix CVE-2024-6387
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 01/21] llvm: Fix CVE-2024-0151 Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 02/21] ruby: Fix CVE-2023-36617 Steve Sakoman
@ 2024-07-04 12:26 ` Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 04/21] OpenSSL: Security fix for CVE-2024-5535 Steve Sakoman
` (17 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:26 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
sshd(8) in Portable OpenSSH versions 8.5p1 to 9.7p1 (inclusive).
Race condition resulting in potential remote code execution.
A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD systems.
This attack could be prevented by disabling the login grace timeout (LoginGraceTime=0 in sshd_config)
though this makes denial-of service against sshd(8) considerably easier.
For more information, please refer to the release notes [1] and the
report from the Qualys Security Advisory Team [2] who discovered the bug.
[1] https://www.openssh.com/txt/release-9.8
[2] https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
References:
https://www.openssh.com/security.html
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssh/openssh/CVE-2024-6387.patch | 27 +++++++++++++++++++
.../openssh/openssh_9.6p1.bb | 1 +
2 files changed, 28 insertions(+)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
new file mode 100644
index 0000000000..3e7c707100
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
@@ -0,0 +1,27 @@
+Description: fix signal handler race condition
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2070497
+
+CVE: CVE-2024-6387
+
+Upstream-Status: Backport
+https://git.launchpad.net/ubuntu/+source/openssh/commit/?h=applied/ubuntu/jammy-devel&id=b059bcfa928df4ff2d103ae2e8f4e3136ee03efc
+
+Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
+
+--- a/log.c
++++ b/log.c
+@@ -452,12 +452,14 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+ LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+ va_list args;
+
+ va_start(args, fmt);
+ sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ suffix, fmt, args);
+ va_end(args);
++#endif
+ _exit(1);
+ }
+
diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
index d941664b41..3cdf0327b0 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://add-test-support-for-busybox.patch \
file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \
+ file://CVE-2024-6387.patch \
"
SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 04/21] OpenSSL: Security fix for CVE-2024-5535
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (2 preceding siblings ...)
2024-07-04 12:26 ` [OE-core][scarthgap 03/21] openssh: fix CVE-2024-6387 Steve Sakoman
@ 2024-07-04 12:26 ` Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 05/21] QEMU: Fix CVE-2024-3446 & CVE-2024-3567 Steve Sakoman
` (16 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:26 UTC (permalink / raw)
To: openembedded-core
From: Siddharth Doshi <sdoshi@mvista.com>
Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e]
CVE's Fixed:
CVE-2024-5535 openssl: SSL_select_next_proto buffer overread
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssl/openssl/CVE-2024-5535_1.patch | 113 ++
.../openssl/openssl/CVE-2024-5535_10.patch | 203 +++
.../openssl/openssl/CVE-2024-5535_2.patch | 43 +
.../openssl/openssl/CVE-2024-5535_3.patch | 38 +
.../openssl/openssl/CVE-2024-5535_4.patch | 82 ++
.../openssl/openssl/CVE-2024-5535_5.patch | 176 +++
.../openssl/openssl/CVE-2024-5535_6.patch | 1173 +++++++++++++++++
.../openssl/openssl/CVE-2024-5535_7.patch | 43 +
.../openssl/openssl/CVE-2024-5535_8.patch | 66 +
.../openssl/openssl/CVE-2024-5535_9.patch | 271 ++++
.../openssl/openssl_3.2.2.bb | 10 +
11 files changed, 2218 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_10.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch
new file mode 100644
index 0000000000..d5c178eeab
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch
@@ -0,0 +1,113 @@
+From b63b4db52e10677db4ab46b608aabd55a44668aa Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 31 May 2024 11:14:33 +0100
+Subject: [PATCH 01/10] Fix SSL_select_next_proto
+
+Ensure that the provided client list is non-NULL and starts with a valid
+entry. When called from the ALPN callback the client list should already
+have been validated by OpenSSL so this should not cause a problem. When
+called from the NPN callback the client list is locally configured and
+will not have already been validated. Therefore SSL_select_next_proto
+should not assume that it is correctly formatted.
+
+We implement stricter checking of the client protocol list. We also do the
+same for the server list while we are about it.
+
+CVE-2024-5535
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24717)
+
+Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e]
+CVE: CVE-2024-5535
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ ssl/ssl_lib.c | 63 ++++++++++++++++++++++++++++++++-------------------
+ 1 file changed, 40 insertions(+), 23 deletions(-)
+
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index 016135f..cf52b31 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -3518,37 +3518,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+ unsigned int server_len,
+ const unsigned char *client, unsigned int client_len)
+ {
+- unsigned int i, j;
+- const unsigned char *result;
+- int status = OPENSSL_NPN_UNSUPPORTED;
++ PACKET cpkt, csubpkt, spkt, ssubpkt;
++
++ if (!PACKET_buf_init(&cpkt, client, client_len)
++ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt)
++ || PACKET_remaining(&csubpkt) == 0) {
++ *out = NULL;
++ *outlen = 0;
++ return OPENSSL_NPN_NO_OVERLAP;
++ }
++
++ /*
++ * Set the default opportunistic protocol. Will be overwritten if we find
++ * a match.
++ */
++ *out = (unsigned char *)PACKET_data(&csubpkt);
++ *outlen = (unsigned char)PACKET_remaining(&csubpkt);
+
+ /*
+ * For each protocol in server preference order, see if we support it.
+ */
+- for (i = 0; i < server_len;) {
+- for (j = 0; j < client_len;) {
+- if (server[i] == client[j] &&
+- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
+- /* We found a match */
+- result = &server[i];
+- status = OPENSSL_NPN_NEGOTIATED;
+- goto found;
++ if (PACKET_buf_init(&spkt, server, server_len)) {
++ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) {
++ if (PACKET_remaining(&ssubpkt) == 0)
++ continue; /* Invalid - ignore it */
++ if (PACKET_buf_init(&cpkt, client, client_len)) {
++ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) {
++ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt),
++ PACKET_remaining(&ssubpkt))) {
++ /* We found a match */
++ *out = (unsigned char *)PACKET_data(&ssubpkt);
++ *outlen = (unsigned char)PACKET_remaining(&ssubpkt);
++ return OPENSSL_NPN_NEGOTIATED;
++ }
++ }
++ /* Ignore spurious trailing bytes in the client list */
++ } else {
++ /* This should never happen */
++ return OPENSSL_NPN_NO_OVERLAP;
+ }
+- j += client[j];
+- j++;
+ }
+- i += server[i];
+- i++;
++ /* Ignore spurious trailing bytes in the server list */
+ }
+
+- /* There's no overlap between our protocols and the server's list. */
+- result = client;
+- status = OPENSSL_NPN_NO_OVERLAP;
+-
+- found:
+- *out = (unsigned char *)result + 1;
+- *outlen = result[0];
+- return status;
++ /*
++ * There's no overlap between our protocols and the server's list. We use
++ * the default opportunistic protocol selected earlier
++ */
++ return OPENSSL_NPN_NO_OVERLAP;
+ }
+
+ #ifndef OPENSSL_NO_NEXTPROTONEG
+--
+2.44.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_10.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_10.patch
new file mode 100644
index 0000000000..7cc36f20ab
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_10.patch
@@ -0,0 +1,203 @@
+From 61cad53901703944d22f1cd6a1b57460f2270599 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 21 Jun 2024 14:29:26 +0100
+Subject: [PATCH 10/10] Add a test for an empty NextProto message
+
+It is valid according to the spec for a NextProto message to have no
+protocols listed in it. The OpenSSL implementation however does not allow
+us to create such a message. In order to check that we work as expected
+when communicating with a client that does generate such messages we have
+to use a TLSProxy test.
+
+Follow on from CVE-2024-5535
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24717)
+
+Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/301b870546d1c7b2d8f0d66e04a2596142f0399f]
+CVE: CVE-2024-5535
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ test/recipes/70-test_npn.t | 73 +++++++++++++++++++++++++++++++++
+ util/perl/TLSProxy/Message.pm | 9 ++++
+ util/perl/TLSProxy/NextProto.pm | 54 ++++++++++++++++++++++++
+ util/perl/TLSProxy/Proxy.pm | 1 +
+ 4 files changed, 137 insertions(+)
+ create mode 100644 test/recipes/70-test_npn.t
+ create mode 100644 util/perl/TLSProxy/NextProto.pm
+
+diff --git a/test/recipes/70-test_npn.t b/test/recipes/70-test_npn.t
+new file mode 100644
+index 0000000..f82e71a
+--- /dev/null
++++ b/test/recipes/70-test_npn.t
+@@ -0,0 +1,73 @@
++#! /usr/bin/env perl
++# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the Apache License 2.0 (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++use strict;
++use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/;
++use OpenSSL::Test::Utils;
++
++use TLSProxy::Proxy;
++
++my $test_name = "test_npn";
++setup($test_name);
++
++plan skip_all => "TLSProxy isn't usable on $^O"
++ if $^O =~ /^(VMS)$/;
++
++plan skip_all => "$test_name needs the dynamic engine feature enabled"
++ if disabled("engine") || disabled("dynamic-engine");
++
++plan skip_all => "$test_name needs the sock feature enabled"
++ if disabled("sock");
++
++plan skip_all => "$test_name needs NPN enabled"
++ if disabled("nextprotoneg");
++
++plan skip_all => "$test_name needs TLSv1.2 enabled"
++ if disabled("tls1_2");
++
++my $proxy = TLSProxy::Proxy->new(
++ undef,
++ cmdstr(app(["openssl"]), display => 1),
++ srctop_file("apps", "server.pem"),
++ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
++);
++
++$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
++plan tests => 1;
++
++my $npnseen = 0;
++
++# Test 1: Check sending an empty NextProto message from the client works. This is
++# valid as per the spec, but OpenSSL does not allow you to send it.
++# Therefore we must be prepared to receive such a message but we cannot
++# generate it except via TLSProxy
++$proxy->clear();
++$proxy->filter(\&npn_filter);
++$proxy->clientflags("-nextprotoneg foo -no_tls1_3");
++$proxy->serverflags("-nextprotoneg foo");
++$proxy->start();
++ok($npnseen && TLSProxy::Message->success(), "Empty NPN message");
++
++sub npn_filter
++{
++ my $proxy = shift;
++ my $message;
++
++ # The NextProto message always appears in flight 2
++ return if $proxy->flight != 2;
++
++ foreach my $message (@{$proxy->message_list}) {
++ if ($message->mt == TLSProxy::Message::MT_NEXT_PROTO) {
++ # Our TLSproxy NextProto message support doesn't support parsing of
++ # the message. If we repack it just creates an empty NextProto
++ # message - which is exactly the scenario we want to test here.
++ $message->repack();
++ $npnseen = 1;
++ }
++ }
++}
+diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm
+index ce22187..fb41b2f 100644
+--- a/util/perl/TLSProxy/Message.pm
++++ b/util/perl/TLSProxy/Message.pm
+@@ -384,6 +384,15 @@ sub create_message
+ [@message_frag_lens]
+ );
+ $message->parse();
++ } elsif ($mt == MT_NEXT_PROTO) {
++ $message = TLSProxy::NextProto->new(
++ $server,
++ $data,
++ [@message_rec_list],
++ $startoffset,
++ [@message_frag_lens]
++ );
++ $message->parse();
+ } else {
+ #Unknown message type
+ $message = TLSProxy::Message->new(
+diff --git a/util/perl/TLSProxy/NextProto.pm b/util/perl/TLSProxy/NextProto.pm
+new file mode 100644
+index 0000000..0e18347
+--- /dev/null
++++ b/util/perl/TLSProxy/NextProto.pm
+@@ -0,0 +1,54 @@
++# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the Apache License 2.0 (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++use strict;
++
++package TLSProxy::NextProto;
++
++use vars '@ISA';
++push @ISA, 'TLSProxy::Message';
++
++sub new
++{
++ my $class = shift;
++ my ($server,
++ $data,
++ $records,
++ $startoffset,
++ $message_frag_lens) = @_;
++
++ my $self = $class->SUPER::new(
++ $server,
++ TLSProxy::Message::MT_NEXT_PROTO,
++ $data,
++ $records,
++ $startoffset,
++ $message_frag_lens);
++
++ return $self;
++}
++
++sub parse
++{
++ # We don't support parsing at the moment
++}
++
++# This is supposed to reconstruct the on-the-wire message data following changes.
++# For now though since we don't support parsing we just create an empty NextProto
++# message - this capability is used in test_npn
++sub set_message_contents
++{
++ my $self = shift;
++ my $data;
++
++ $data = pack("C32", 0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x00);
++ $self->data($data);
++}
++1;
+diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm
+index 3de10ec..b707722 100644
+--- a/util/perl/TLSProxy/Proxy.pm
++++ b/util/perl/TLSProxy/Proxy.pm
+@@ -23,6 +23,7 @@ use TLSProxy::CertificateRequest;
+ use TLSProxy::CertificateVerify;
+ use TLSProxy::ServerKeyExchange;
+ use TLSProxy::NewSessionTicket;
++use TLSProxy::NextProto;
+
+ my $have_IPv6;
+ my $IP_factory;
+--
+2.44.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch
new file mode 100644
index 0000000000..768304f00b
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch
@@ -0,0 +1,43 @@
+From 6de1d37cd129b0af5b4a247c76f97b98e70b108b Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 31 May 2024 11:18:27 +0100
+Subject: [PATCH 02/10] More correctly handle a selected_len of 0 when
+ processing NPN
+
+In the case where the NPN callback returns with SSL_TLEXT_ERR_OK, but
+the selected_len is 0 we should fail. Previously this would fail with an
+internal_error alert because calling OPENSSL_malloc(selected_len) will
+return NULL when selected_len is 0. We make this error detection more
+explicit and return a handshake failure alert.
+
+Follow on from CVE-2024-5535
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24717)
+
+Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/015255851371757d54c2560643eb3b3a88123cf1]
+CVE: CVE-2024-5535
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ ssl/statem/extensions_clnt.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
+index 381a6c9..1ab3c13 100644
+--- a/ssl/statem/extensions_clnt.c
++++ b/ssl/statem/extensions_clnt.c
+@@ -1560,8 +1560,8 @@ int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
+ if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_SSL(s),
+ &selected, &selected_len,
+ PACKET_data(pkt), PACKET_remaining(pkt),
+- sctx->ext.npn_select_cb_arg) !=
+- SSL_TLSEXT_ERR_OK) {
++ sctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK
++ || selected_len == 0) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION);
+ return 0;
+ }
+--
+2.44.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch
new file mode 100644
index 0000000000..d6d4d869be
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch
@@ -0,0 +1,38 @@
+From 4f9334a33da89949f97927c8fe7df1003c42cda4 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 31 May 2024 11:22:13 +0100
+Subject: [PATCH 03/10] Use correctly formatted ALPN data in tserver
+
+The QUIC test server was using incorrectly formatted ALPN data. With the
+previous implementation of SSL_select_next_proto this went unnoticed. With
+the new stricter implemenation it was failing.
+
+Follow on from CVE-2024-5535
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24717)
+
+Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/6cc511826f09e513b4ec066d9b95acaf4f86d991]
+CVE: CVE-2024-5535
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ ssl/quic/quic_tserver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl/quic/quic_tserver.c b/ssl/quic/quic_tserver.c
+index 86187d0..15694e7 100644
+--- a/ssl/quic/quic_tserver.c
++++ b/ssl/quic/quic_tserver.c
+@@ -58,7 +58,7 @@ static int alpn_select_cb(SSL *ssl, const unsigned char **out,
+
+ if (srv->args.alpn == NULL) {
+ alpn = alpndeflt;
+- alpnlen = sizeof(alpn);
++ alpnlen = sizeof(alpndeflt);
+ } else {
+ alpn = srv->args.alpn;
+ alpnlen = srv->args.alpnlen;
+--
+2.44.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch
new file mode 100644
index 0000000000..03fc1168f9
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch
@@ -0,0 +1,82 @@
+From 5145a1f50e44c9f86127a76f01519a9f25157290 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 31 May 2024 11:46:38 +0100
+Subject: [PATCH 04/10] Clarify the SSL_select_next_proto() documentation
+
+We clarify the input preconditions and the expected behaviour in the event
+of no overlap.
+
+Follow on from CVE-2024-5535
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24717)
+
+Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/8e81c57adbbf703dfb63955f65599765fdacc741]
+CVE: CVE-2024-5535
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ doc/man3/SSL_CTX_set_alpn_select_cb.pod | 26 +++++++++++++++++--------
+ 1 file changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
+index 05fee2f..79e1a25 100644
+--- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod
++++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
+@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
+ SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to
+ set the list of protocols available to be negotiated. The B<protos> must be in
+ protocol-list format, described below. The length of B<protos> is specified in
+-B<protos_len>.
++B<protos_len>. Setting B<protos_len> to 0 clears any existing list of ALPN
++protocols and no ALPN extension will be sent to the server.
+
+ SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a
+ server to select which protocol to use for the incoming connection. When B<cb>
+@@ -73,9 +74,16 @@ B<server_len> and B<client>, B<client_len> must be in the protocol-list format
+ described below. The first item in the B<server>, B<server_len> list that
+ matches an item in the B<client>, B<client_len> list is selected, and returned
+ in B<out>, B<outlen>. The B<out> value will point into either B<server> or
+-B<client>, so it should be copied immediately. If no match is found, the first
+-item in B<client>, B<client_len> is returned in B<out>, B<outlen>. This
+-function can also be used in the NPN callback.
++B<client>, so it should be copied immediately. The client list must include at
++least one valid (nonempty) protocol entry in the list.
++
++The SSL_select_next_proto() helper function can be useful from either the ALPN
++callback or the NPN callback (described below). If no match is found, the first
++item in B<client>, B<client_len> is returned in B<out>, B<outlen> and
++B<OPENSSL_NPN_NO_OVERLAP> is returned. This can be useful when implementating
++the NPN callback. In the ALPN case, the value returned in B<out> and B<outlen>
++must be ignored if B<OPENSSL_NPN_NO_OVERLAP> has been returned from
++SSL_select_next_proto().
+
+ SSL_CTX_set_next_proto_select_cb() sets a callback B<cb> that is called when a
+ client needs to select a protocol from the server's provided list, and a
+@@ -85,9 +93,10 @@ must be set to point to the selected protocol (which may be within B<in>).
+ The length of the protocol name must be written into B<outlen>. The
+ server's advertised protocols are provided in B<in> and B<inlen>. The
+ callback can assume that B<in> is syntactically valid. The client must
+-select a protocol. It is fatal to the connection if this callback returns
+-a value other than B<SSL_TLSEXT_ERR_OK>. The B<arg> parameter is the pointer
+-set via SSL_CTX_set_next_proto_select_cb().
++select a protocol (although it may be an empty, zero length protocol). It is
++fatal to the connection if this callback returns a value other than
++B<SSL_TLSEXT_ERR_OK> or if the zero length protocol is selected. The B<arg>
++parameter is the pointer set via SSL_CTX_set_next_proto_select_cb().
+
+ SSL_CTX_set_next_protos_advertised_cb() sets a callback B<cb> that is called
+ when a TLS server needs a list of supported protocols for Next Protocol
+@@ -154,7 +163,8 @@ A match was found and is returned in B<out>, B<outlen>.
+ =item OPENSSL_NPN_NO_OVERLAP
+
+ No match was found. The first item in B<client>, B<client_len> is returned in
+-B<out>, B<outlen>.
++B<out>, B<outlen> (or B<NULL> and 0 in the case where the first entry in
++B<client> is invalid).
+
+ =back
+
+--
+2.44.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch
new file mode 100644
index 0000000000..e439d9b59a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch
@@ -0,0 +1,176 @@
+From 01d44bc7f50670002cad495654fd99a6371d7662 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 31 May 2024 16:35:16 +0100
+Subject: [PATCH 05/10] Add a test for SSL_select_next_proto
+
+Follow on from CVE-2024-5535
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24717)
+
+Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/add5c52a25c549cec4a730cdf96e2252f0a1862d]
+CVE: CVE-2024-5535
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ test/sslapitest.c | 137 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 137 insertions(+)
+
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index ce16332..15cb906 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -11741,6 +11741,142 @@ static int test_multi_resume(int idx)
+ return testresult;
+ }
+
++static struct next_proto_st {
++ int serverlen;
++ unsigned char server[40];
++ int clientlen;
++ unsigned char client[40];
++ int expected_ret;
++ size_t selectedlen;
++ unsigned char selected[40];
++} next_proto_tests[] = {
++ {
++ 4, { 3, 'a', 'b', 'c' },
++ 4, { 3, 'a', 'b', 'c' },
++ OPENSSL_NPN_NEGOTIATED,
++ 3, { 'a', 'b', 'c' }
++ },
++ {
++ 7, { 3, 'a', 'b', 'c', 2, 'a', 'b' },
++ 4, { 3, 'a', 'b', 'c' },
++ OPENSSL_NPN_NEGOTIATED,
++ 3, { 'a', 'b', 'c' }
++ },
++ {
++ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c', },
++ 4, { 3, 'a', 'b', 'c' },
++ OPENSSL_NPN_NEGOTIATED,
++ 3, { 'a', 'b', 'c' }
++ },
++ {
++ 4, { 3, 'a', 'b', 'c' },
++ 7, { 3, 'a', 'b', 'c', 2, 'a', 'b', },
++ OPENSSL_NPN_NEGOTIATED,
++ 3, { 'a', 'b', 'c' }
++ },
++ {
++ 4, { 3, 'a', 'b', 'c' },
++ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'},
++ OPENSSL_NPN_NEGOTIATED,
++ 3, { 'a', 'b', 'c' }
++ },
++ {
++ 7, { 2, 'b', 'c', 3, 'a', 'b', 'c' },
++ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'},
++ OPENSSL_NPN_NEGOTIATED,
++ 3, { 'a', 'b', 'c' }
++ },
++ {
++ 10, { 2, 'b', 'c', 3, 'a', 'b', 'c', 2, 'a', 'b' },
++ 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'},
++ OPENSSL_NPN_NEGOTIATED,
++ 3, { 'a', 'b', 'c' }
++ },
++ {
++ 4, { 3, 'b', 'c', 'd' },
++ 4, { 3, 'a', 'b', 'c' },
++ OPENSSL_NPN_NO_OVERLAP,
++ 3, { 'a', 'b', 'c' }
++ },
++ {
++ 0, { 0 },
++ 4, { 3, 'a', 'b', 'c' },
++ OPENSSL_NPN_NO_OVERLAP,
++ 3, { 'a', 'b', 'c' }
++ },
++ {
++ -1, { 0 },
++ 4, { 3, 'a', 'b', 'c' },
++ OPENSSL_NPN_NO_OVERLAP,
++ 3, { 'a', 'b', 'c' }
++ },
++ {
++ 4, { 3, 'a', 'b', 'c' },
++ 0, { 0 },
++ OPENSSL_NPN_NO_OVERLAP,
++ 0, { 0 }
++ },
++ {
++ 4, { 3, 'a', 'b', 'c' },
++ -1, { 0 },
++ OPENSSL_NPN_NO_OVERLAP,
++ 0, { 0 }
++ },
++ {
++ 3, { 3, 'a', 'b', 'c' },
++ 4, { 3, 'a', 'b', 'c' },
++ OPENSSL_NPN_NO_OVERLAP,
++ 3, { 'a', 'b', 'c' }
++ },
++ {
++ 4, { 3, 'a', 'b', 'c' },
++ 3, { 3, 'a', 'b', 'c' },
++ OPENSSL_NPN_NO_OVERLAP,
++ 0, { 0 }
++ }
++};
++
++static int test_select_next_proto(int idx)
++{
++ struct next_proto_st *np = &next_proto_tests[idx];
++ int ret = 0;
++ unsigned char *out, *client, *server;
++ unsigned char outlen;
++ unsigned int clientlen, serverlen;
++
++ if (np->clientlen == -1) {
++ client = NULL;
++ clientlen = 0;
++ } else {
++ client = np->client;
++ clientlen = (unsigned int)np->clientlen;
++ }
++ if (np->serverlen == -1) {
++ server = NULL;
++ serverlen = 0;
++ } else {
++ server = np->server;
++ serverlen = (unsigned int)np->serverlen;
++ }
++
++ if (!TEST_int_eq(SSL_select_next_proto(&out, &outlen, server, serverlen,
++ client, clientlen),
++ np->expected_ret))
++ goto err;
++
++ if (np->selectedlen == 0) {
++ if (!TEST_ptr_null(out) || !TEST_uchar_eq(outlen, 0))
++ goto err;
++ } else {
++ if (!TEST_mem_eq(out, outlen, np->selected, np->selectedlen))
++ goto err;
++ }
++
++ ret = 1;
++ err:
++ return ret;
++}
++
+ OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
+
+ int setup_tests(void)
+@@ -12053,6 +12189,7 @@ int setup_tests(void)
+ ADD_ALL_TESTS(test_handshake_retry, 16);
+ ADD_TEST(test_data_retry);
+ ADD_ALL_TESTS(test_multi_resume, 5);
++ ADD_ALL_TESTS(test_select_next_proto, OSSL_NELEM(next_proto_tests));
+ return 1;
+
+ err:
+--
+2.44.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch
new file mode 100644
index 0000000000..df24702fa6
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch
@@ -0,0 +1,1173 @@
+From e344d0b5860560ffa59415ea4028ba7760b2a773 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 4 Jun 2024 15:47:32 +0100
+Subject: [PATCH 06/10] Allow an empty NPN/ALPN protocol list in the tests
+
+Allow ourselves to configure an empty NPN/ALPN protocol list and test what
+happens if we do.
+
+Follow on from CVE-2024-5535
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24717)
+
+Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/7ea1f6a85b299b976cb3f756b2a7f0153f31b2b6]
+CVE: CVE-2024-5535
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ test/helpers/handshake.c | 6 +
+ test/ssl-tests/08-npn.cnf | 553 +++++++++++++++++++---------------
+ test/ssl-tests/08-npn.cnf.in | 35 +++
+ test/ssl-tests/09-alpn.cnf | 66 +++-
+ test/ssl-tests/09-alpn.cnf.in | 33 ++
+ 5 files changed, 449 insertions(+), 244 deletions(-)
+
+diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
+index ae2ad59..b66b2f5 100644
+--- a/test/helpers/handshake.c
++++ b/test/helpers/handshake.c
+@@ -444,6 +444,12 @@ static int parse_protos(const char *protos, unsigned char **out, size_t *outlen)
+
+ len = strlen(protos);
+
++ if (len == 0) {
++ *out = NULL;
++ *outlen = 0;
++ return 1;
++ }
++
+ /* Should never have reuse. */
+ if (!TEST_ptr_null(*out)
+ /* Test values are small, so we omit length limit checks. */
+diff --git a/test/ssl-tests/08-npn.cnf b/test/ssl-tests/08-npn.cnf
+index f38b3f6..1931d02 100644
+--- a/test/ssl-tests/08-npn.cnf
++++ b/test/ssl-tests/08-npn.cnf
+@@ -1,6 +1,6 @@
+ # Generated with generate_ssl_tests.pl
+
+-num_tests = 20
++num_tests = 22
+
+ test-0 = 0-npn-simple
+ test-1 = 1-npn-client-finds-match
+@@ -8,20 +8,22 @@ test-2 = 2-npn-client-honours-server-pref
+ test-3 = 3-npn-client-first-pref-on-mismatch
+ test-4 = 4-npn-no-server-support
+ test-5 = 5-npn-no-client-support
+-test-6 = 6-npn-with-sni-no-context-switch
+-test-7 = 7-npn-with-sni-context-switch
+-test-8 = 8-npn-selected-sni-server-supports-npn
+-test-9 = 9-npn-selected-sni-server-does-not-support-npn
+-test-10 = 10-alpn-preferred-over-npn
+-test-11 = 11-sni-npn-preferred-over-alpn
+-test-12 = 12-npn-simple-resumption
+-test-13 = 13-npn-server-switch-resumption
+-test-14 = 14-npn-client-switch-resumption
+-test-15 = 15-npn-client-first-pref-on-mismatch-resumption
+-test-16 = 16-npn-no-server-support-resumption
+-test-17 = 17-npn-no-client-support-resumption
+-test-18 = 18-alpn-preferred-over-npn-resumption
+-test-19 = 19-npn-used-if-alpn-not-supported-resumption
++test-6 = 6-npn-empty-client-list
++test-7 = 7-npn-empty-server-list
++test-8 = 8-npn-with-sni-no-context-switch
++test-9 = 9-npn-with-sni-context-switch
++test-10 = 10-npn-selected-sni-server-supports-npn
++test-11 = 11-npn-selected-sni-server-does-not-support-npn
++test-12 = 12-alpn-preferred-over-npn
++test-13 = 13-sni-npn-preferred-over-alpn
++test-14 = 14-npn-simple-resumption
++test-15 = 15-npn-server-switch-resumption
++test-16 = 16-npn-client-switch-resumption
++test-17 = 17-npn-client-first-pref-on-mismatch-resumption
++test-18 = 18-npn-no-server-support-resumption
++test-19 = 19-npn-no-client-support-resumption
++test-20 = 20-alpn-preferred-over-npn-resumption
++test-21 = 21-npn-used-if-alpn-not-supported-resumption
+ # ===========================================================
+
+ [0-npn-simple]
+@@ -206,253 +208,318 @@ NPNProtocols = foo
+
+ # ===========================================================
+
+-[6-npn-with-sni-no-context-switch]
+-ssl_conf = 6-npn-with-sni-no-context-switch-ssl
++[6-npn-empty-client-list]
++ssl_conf = 6-npn-empty-client-list-ssl
+
+-[6-npn-with-sni-no-context-switch-ssl]
+-server = 6-npn-with-sni-no-context-switch-server
+-client = 6-npn-with-sni-no-context-switch-client
+-server2 = 6-npn-with-sni-no-context-switch-server2
++[6-npn-empty-client-list-ssl]
++server = 6-npn-empty-client-list-server
++client = 6-npn-empty-client-list-client
+
+-[6-npn-with-sni-no-context-switch-server]
++[6-npn-empty-client-list-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[6-npn-with-sni-no-context-switch-server2]
++[6-npn-empty-client-list-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-6]
++ExpectedClientAlert = HandshakeFailure
++ExpectedResult = ClientFail
++server = 6-npn-empty-client-list-server-extra
++client = 6-npn-empty-client-list-client-extra
++
++[6-npn-empty-client-list-server-extra]
++NPNProtocols = foo
++
++[6-npn-empty-client-list-client-extra]
++NPNProtocols =
++
++
++# ===========================================================
++
++[7-npn-empty-server-list]
++ssl_conf = 7-npn-empty-server-list-ssl
++
++[7-npn-empty-server-list-ssl]
++server = 7-npn-empty-server-list-server
++client = 7-npn-empty-server-list-client
++
++[7-npn-empty-server-list-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[6-npn-with-sni-no-context-switch-client]
++[7-npn-empty-server-list-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-6]
++[test-7]
++ExpectedNPNProtocol = foo
++server = 7-npn-empty-server-list-server-extra
++client = 7-npn-empty-server-list-client-extra
++
++[7-npn-empty-server-list-server-extra]
++NPNProtocols =
++
++[7-npn-empty-server-list-client-extra]
++NPNProtocols = foo
++
++
++# ===========================================================
++
++[8-npn-with-sni-no-context-switch]
++ssl_conf = 8-npn-with-sni-no-context-switch-ssl
++
++[8-npn-with-sni-no-context-switch-ssl]
++server = 8-npn-with-sni-no-context-switch-server
++client = 8-npn-with-sni-no-context-switch-client
++server2 = 8-npn-with-sni-no-context-switch-server2
++
++[8-npn-with-sni-no-context-switch-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[8-npn-with-sni-no-context-switch-server2]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[8-npn-with-sni-no-context-switch-client]
++CipherString = DEFAULT
++MaxProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-8]
+ ExpectedNPNProtocol = foo
+ ExpectedServerName = server1
+-server = 6-npn-with-sni-no-context-switch-server-extra
+-server2 = 6-npn-with-sni-no-context-switch-server2-extra
+-client = 6-npn-with-sni-no-context-switch-client-extra
++server = 8-npn-with-sni-no-context-switch-server-extra
++server2 = 8-npn-with-sni-no-context-switch-server2-extra
++client = 8-npn-with-sni-no-context-switch-client-extra
+
+-[6-npn-with-sni-no-context-switch-server-extra]
++[8-npn-with-sni-no-context-switch-server-extra]
+ NPNProtocols = foo
+ ServerNameCallback = IgnoreMismatch
+
+-[6-npn-with-sni-no-context-switch-server2-extra]
++[8-npn-with-sni-no-context-switch-server2-extra]
+ NPNProtocols = bar
+
+-[6-npn-with-sni-no-context-switch-client-extra]
++[8-npn-with-sni-no-context-switch-client-extra]
+ NPNProtocols = foo,bar
+ ServerName = server1
+
+
+ # ===========================================================
+
+-[7-npn-with-sni-context-switch]
+-ssl_conf = 7-npn-with-sni-context-switch-ssl
++[9-npn-with-sni-context-switch]
++ssl_conf = 9-npn-with-sni-context-switch-ssl
+
+-[7-npn-with-sni-context-switch-ssl]
+-server = 7-npn-with-sni-context-switch-server
+-client = 7-npn-with-sni-context-switch-client
+-server2 = 7-npn-with-sni-context-switch-server2
++[9-npn-with-sni-context-switch-ssl]
++server = 9-npn-with-sni-context-switch-server
++client = 9-npn-with-sni-context-switch-client
++server2 = 9-npn-with-sni-context-switch-server2
+
+-[7-npn-with-sni-context-switch-server]
++[9-npn-with-sni-context-switch-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[7-npn-with-sni-context-switch-server2]
++[9-npn-with-sni-context-switch-server2]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[7-npn-with-sni-context-switch-client]
++[9-npn-with-sni-context-switch-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-7]
++[test-9]
+ ExpectedNPNProtocol = bar
+ ExpectedServerName = server2
+-server = 7-npn-with-sni-context-switch-server-extra
+-server2 = 7-npn-with-sni-context-switch-server2-extra
+-client = 7-npn-with-sni-context-switch-client-extra
++server = 9-npn-with-sni-context-switch-server-extra
++server2 = 9-npn-with-sni-context-switch-server2-extra
++client = 9-npn-with-sni-context-switch-client-extra
+
+-[7-npn-with-sni-context-switch-server-extra]
++[9-npn-with-sni-context-switch-server-extra]
+ NPNProtocols = foo
+ ServerNameCallback = IgnoreMismatch
+
+-[7-npn-with-sni-context-switch-server2-extra]
++[9-npn-with-sni-context-switch-server2-extra]
+ NPNProtocols = bar
+
+-[7-npn-with-sni-context-switch-client-extra]
++[9-npn-with-sni-context-switch-client-extra]
+ NPNProtocols = foo,bar
+ ServerName = server2
+
+
+ # ===========================================================
+
+-[8-npn-selected-sni-server-supports-npn]
+-ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl
++[10-npn-selected-sni-server-supports-npn]
++ssl_conf = 10-npn-selected-sni-server-supports-npn-ssl
+
+-[8-npn-selected-sni-server-supports-npn-ssl]
+-server = 8-npn-selected-sni-server-supports-npn-server
+-client = 8-npn-selected-sni-server-supports-npn-client
+-server2 = 8-npn-selected-sni-server-supports-npn-server2
++[10-npn-selected-sni-server-supports-npn-ssl]
++server = 10-npn-selected-sni-server-supports-npn-server
++client = 10-npn-selected-sni-server-supports-npn-client
++server2 = 10-npn-selected-sni-server-supports-npn-server2
+
+-[8-npn-selected-sni-server-supports-npn-server]
++[10-npn-selected-sni-server-supports-npn-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[8-npn-selected-sni-server-supports-npn-server2]
++[10-npn-selected-sni-server-supports-npn-server2]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[8-npn-selected-sni-server-supports-npn-client]
++[10-npn-selected-sni-server-supports-npn-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-8]
++[test-10]
+ ExpectedNPNProtocol = bar
+ ExpectedServerName = server2
+-server = 8-npn-selected-sni-server-supports-npn-server-extra
+-server2 = 8-npn-selected-sni-server-supports-npn-server2-extra
+-client = 8-npn-selected-sni-server-supports-npn-client-extra
++server = 10-npn-selected-sni-server-supports-npn-server-extra
++server2 = 10-npn-selected-sni-server-supports-npn-server2-extra
++client = 10-npn-selected-sni-server-supports-npn-client-extra
+
+-[8-npn-selected-sni-server-supports-npn-server-extra]
++[10-npn-selected-sni-server-supports-npn-server-extra]
+ ServerNameCallback = IgnoreMismatch
+
+-[8-npn-selected-sni-server-supports-npn-server2-extra]
++[10-npn-selected-sni-server-supports-npn-server2-extra]
+ NPNProtocols = bar
+
+-[8-npn-selected-sni-server-supports-npn-client-extra]
++[10-npn-selected-sni-server-supports-npn-client-extra]
+ NPNProtocols = foo,bar
+ ServerName = server2
+
+
+ # ===========================================================
+
+-[9-npn-selected-sni-server-does-not-support-npn]
+-ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl
++[11-npn-selected-sni-server-does-not-support-npn]
++ssl_conf = 11-npn-selected-sni-server-does-not-support-npn-ssl
+
+-[9-npn-selected-sni-server-does-not-support-npn-ssl]
+-server = 9-npn-selected-sni-server-does-not-support-npn-server
+-client = 9-npn-selected-sni-server-does-not-support-npn-client
+-server2 = 9-npn-selected-sni-server-does-not-support-npn-server2
++[11-npn-selected-sni-server-does-not-support-npn-ssl]
++server = 11-npn-selected-sni-server-does-not-support-npn-server
++client = 11-npn-selected-sni-server-does-not-support-npn-client
++server2 = 11-npn-selected-sni-server-does-not-support-npn-server2
+
+-[9-npn-selected-sni-server-does-not-support-npn-server]
++[11-npn-selected-sni-server-does-not-support-npn-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[9-npn-selected-sni-server-does-not-support-npn-server2]
++[11-npn-selected-sni-server-does-not-support-npn-server2]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[9-npn-selected-sni-server-does-not-support-npn-client]
++[11-npn-selected-sni-server-does-not-support-npn-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-9]
++[test-11]
+ ExpectedServerName = server2
+-server = 9-npn-selected-sni-server-does-not-support-npn-server-extra
+-client = 9-npn-selected-sni-server-does-not-support-npn-client-extra
++server = 11-npn-selected-sni-server-does-not-support-npn-server-extra
++client = 11-npn-selected-sni-server-does-not-support-npn-client-extra
+
+-[9-npn-selected-sni-server-does-not-support-npn-server-extra]
++[11-npn-selected-sni-server-does-not-support-npn-server-extra]
+ NPNProtocols = bar
+ ServerNameCallback = IgnoreMismatch
+
+-[9-npn-selected-sni-server-does-not-support-npn-client-extra]
++[11-npn-selected-sni-server-does-not-support-npn-client-extra]
+ NPNProtocols = foo,bar
+ ServerName = server2
+
+
+ # ===========================================================
+
+-[10-alpn-preferred-over-npn]
+-ssl_conf = 10-alpn-preferred-over-npn-ssl
++[12-alpn-preferred-over-npn]
++ssl_conf = 12-alpn-preferred-over-npn-ssl
+
+-[10-alpn-preferred-over-npn-ssl]
+-server = 10-alpn-preferred-over-npn-server
+-client = 10-alpn-preferred-over-npn-client
++[12-alpn-preferred-over-npn-ssl]
++server = 12-alpn-preferred-over-npn-server
++client = 12-alpn-preferred-over-npn-client
+
+-[10-alpn-preferred-over-npn-server]
++[12-alpn-preferred-over-npn-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[10-alpn-preferred-over-npn-client]
++[12-alpn-preferred-over-npn-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-10]
++[test-12]
+ ExpectedALPNProtocol = foo
+-server = 10-alpn-preferred-over-npn-server-extra
+-client = 10-alpn-preferred-over-npn-client-extra
++server = 12-alpn-preferred-over-npn-server-extra
++client = 12-alpn-preferred-over-npn-client-extra
+
+-[10-alpn-preferred-over-npn-server-extra]
++[12-alpn-preferred-over-npn-server-extra]
+ ALPNProtocols = foo
+ NPNProtocols = bar
+
+-[10-alpn-preferred-over-npn-client-extra]
++[12-alpn-preferred-over-npn-client-extra]
+ ALPNProtocols = foo
+ NPNProtocols = bar
+
+
+ # ===========================================================
+
+-[11-sni-npn-preferred-over-alpn]
+-ssl_conf = 11-sni-npn-preferred-over-alpn-ssl
++[13-sni-npn-preferred-over-alpn]
++ssl_conf = 13-sni-npn-preferred-over-alpn-ssl
+
+-[11-sni-npn-preferred-over-alpn-ssl]
+-server = 11-sni-npn-preferred-over-alpn-server
+-client = 11-sni-npn-preferred-over-alpn-client
+-server2 = 11-sni-npn-preferred-over-alpn-server2
++[13-sni-npn-preferred-over-alpn-ssl]
++server = 13-sni-npn-preferred-over-alpn-server
++client = 13-sni-npn-preferred-over-alpn-client
++server2 = 13-sni-npn-preferred-over-alpn-server2
+
+-[11-sni-npn-preferred-over-alpn-server]
++[13-sni-npn-preferred-over-alpn-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[11-sni-npn-preferred-over-alpn-server2]
++[13-sni-npn-preferred-over-alpn-server2]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[11-sni-npn-preferred-over-alpn-client]
++[13-sni-npn-preferred-over-alpn-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-11]
++[test-13]
+ ExpectedNPNProtocol = bar
+ ExpectedServerName = server2
+-server = 11-sni-npn-preferred-over-alpn-server-extra
+-server2 = 11-sni-npn-preferred-over-alpn-server2-extra
+-client = 11-sni-npn-preferred-over-alpn-client-extra
++server = 13-sni-npn-preferred-over-alpn-server-extra
++server2 = 13-sni-npn-preferred-over-alpn-server2-extra
++client = 13-sni-npn-preferred-over-alpn-client-extra
+
+-[11-sni-npn-preferred-over-alpn-server-extra]
++[13-sni-npn-preferred-over-alpn-server-extra]
+ ALPNProtocols = foo
+ ServerNameCallback = IgnoreMismatch
+
+-[11-sni-npn-preferred-over-alpn-server2-extra]
++[13-sni-npn-preferred-over-alpn-server2-extra]
+ NPNProtocols = bar
+
+-[11-sni-npn-preferred-over-alpn-client-extra]
++[13-sni-npn-preferred-over-alpn-client-extra]
+ ALPNProtocols = foo
+ NPNProtocols = bar
+ ServerName = server2
+@@ -460,356 +527,356 @@ ServerName = server2
+
+ # ===========================================================
+
+-[12-npn-simple-resumption]
+-ssl_conf = 12-npn-simple-resumption-ssl
++[14-npn-simple-resumption]
++ssl_conf = 14-npn-simple-resumption-ssl
+
+-[12-npn-simple-resumption-ssl]
+-server = 12-npn-simple-resumption-server
+-client = 12-npn-simple-resumption-client
+-resume-server = 12-npn-simple-resumption-server
+-resume-client = 12-npn-simple-resumption-client
++[14-npn-simple-resumption-ssl]
++server = 14-npn-simple-resumption-server
++client = 14-npn-simple-resumption-client
++resume-server = 14-npn-simple-resumption-server
++resume-client = 14-npn-simple-resumption-client
+
+-[12-npn-simple-resumption-server]
++[14-npn-simple-resumption-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[12-npn-simple-resumption-client]
++[14-npn-simple-resumption-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-12]
++[test-14]
+ ExpectedNPNProtocol = foo
+ HandshakeMode = Resume
+ ResumptionExpected = Yes
+-server = 12-npn-simple-resumption-server-extra
+-resume-server = 12-npn-simple-resumption-server-extra
+-client = 12-npn-simple-resumption-client-extra
+-resume-client = 12-npn-simple-resumption-client-extra
++server = 14-npn-simple-resumption-server-extra
++resume-server = 14-npn-simple-resumption-server-extra
++client = 14-npn-simple-resumption-client-extra
++resume-client = 14-npn-simple-resumption-client-extra
+
+-[12-npn-simple-resumption-server-extra]
++[14-npn-simple-resumption-server-extra]
+ NPNProtocols = foo
+
+-[12-npn-simple-resumption-client-extra]
++[14-npn-simple-resumption-client-extra]
+ NPNProtocols = foo
+
+
+ # ===========================================================
+
+-[13-npn-server-switch-resumption]
+-ssl_conf = 13-npn-server-switch-resumption-ssl
++[15-npn-server-switch-resumption]
++ssl_conf = 15-npn-server-switch-resumption-ssl
+
+-[13-npn-server-switch-resumption-ssl]
+-server = 13-npn-server-switch-resumption-server
+-client = 13-npn-server-switch-resumption-client
+-resume-server = 13-npn-server-switch-resumption-resume-server
+-resume-client = 13-npn-server-switch-resumption-client
++[15-npn-server-switch-resumption-ssl]
++server = 15-npn-server-switch-resumption-server
++client = 15-npn-server-switch-resumption-client
++resume-server = 15-npn-server-switch-resumption-resume-server
++resume-client = 15-npn-server-switch-resumption-client
+
+-[13-npn-server-switch-resumption-server]
++[15-npn-server-switch-resumption-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[13-npn-server-switch-resumption-resume-server]
++[15-npn-server-switch-resumption-resume-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[13-npn-server-switch-resumption-client]
++[15-npn-server-switch-resumption-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-13]
++[test-15]
+ ExpectedNPNProtocol = baz
+ HandshakeMode = Resume
+ ResumptionExpected = Yes
+-server = 13-npn-server-switch-resumption-server-extra
+-resume-server = 13-npn-server-switch-resumption-resume-server-extra
+-client = 13-npn-server-switch-resumption-client-extra
+-resume-client = 13-npn-server-switch-resumption-client-extra
++server = 15-npn-server-switch-resumption-server-extra
++resume-server = 15-npn-server-switch-resumption-resume-server-extra
++client = 15-npn-server-switch-resumption-client-extra
++resume-client = 15-npn-server-switch-resumption-client-extra
+
+-[13-npn-server-switch-resumption-server-extra]
++[15-npn-server-switch-resumption-server-extra]
+ NPNProtocols = bar,foo
+
+-[13-npn-server-switch-resumption-resume-server-extra]
++[15-npn-server-switch-resumption-resume-server-extra]
+ NPNProtocols = baz,foo
+
+-[13-npn-server-switch-resumption-client-extra]
++[15-npn-server-switch-resumption-client-extra]
+ NPNProtocols = foo,bar,baz
+
+
+ # ===========================================================
+
+-[14-npn-client-switch-resumption]
+-ssl_conf = 14-npn-client-switch-resumption-ssl
++[16-npn-client-switch-resumption]
++ssl_conf = 16-npn-client-switch-resumption-ssl
+
+-[14-npn-client-switch-resumption-ssl]
+-server = 14-npn-client-switch-resumption-server
+-client = 14-npn-client-switch-resumption-client
+-resume-server = 14-npn-client-switch-resumption-server
+-resume-client = 14-npn-client-switch-resumption-resume-client
++[16-npn-client-switch-resumption-ssl]
++server = 16-npn-client-switch-resumption-server
++client = 16-npn-client-switch-resumption-client
++resume-server = 16-npn-client-switch-resumption-server
++resume-client = 16-npn-client-switch-resumption-resume-client
+
+-[14-npn-client-switch-resumption-server]
++[16-npn-client-switch-resumption-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[14-npn-client-switch-resumption-client]
++[16-npn-client-switch-resumption-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[14-npn-client-switch-resumption-resume-client]
++[16-npn-client-switch-resumption-resume-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-14]
++[test-16]
+ ExpectedNPNProtocol = bar
+ HandshakeMode = Resume
+ ResumptionExpected = Yes
+-server = 14-npn-client-switch-resumption-server-extra
+-resume-server = 14-npn-client-switch-resumption-server-extra
+-client = 14-npn-client-switch-resumption-client-extra
+-resume-client = 14-npn-client-switch-resumption-resume-client-extra
++server = 16-npn-client-switch-resumption-server-extra
++resume-server = 16-npn-client-switch-resumption-server-extra
++client = 16-npn-client-switch-resumption-client-extra
++resume-client = 16-npn-client-switch-resumption-resume-client-extra
+
+-[14-npn-client-switch-resumption-server-extra]
++[16-npn-client-switch-resumption-server-extra]
+ NPNProtocols = foo,bar,baz
+
+-[14-npn-client-switch-resumption-client-extra]
++[16-npn-client-switch-resumption-client-extra]
+ NPNProtocols = foo,baz
+
+-[14-npn-client-switch-resumption-resume-client-extra]
++[16-npn-client-switch-resumption-resume-client-extra]
+ NPNProtocols = bar,baz
+
+
+ # ===========================================================
+
+-[15-npn-client-first-pref-on-mismatch-resumption]
+-ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl
++[17-npn-client-first-pref-on-mismatch-resumption]
++ssl_conf = 17-npn-client-first-pref-on-mismatch-resumption-ssl
+
+-[15-npn-client-first-pref-on-mismatch-resumption-ssl]
+-server = 15-npn-client-first-pref-on-mismatch-resumption-server
+-client = 15-npn-client-first-pref-on-mismatch-resumption-client
+-resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server
+-resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client
++[17-npn-client-first-pref-on-mismatch-resumption-ssl]
++server = 17-npn-client-first-pref-on-mismatch-resumption-server
++client = 17-npn-client-first-pref-on-mismatch-resumption-client
++resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server
++resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client
+
+-[15-npn-client-first-pref-on-mismatch-resumption-server]
++[17-npn-client-first-pref-on-mismatch-resumption-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[15-npn-client-first-pref-on-mismatch-resumption-resume-server]
++[17-npn-client-first-pref-on-mismatch-resumption-resume-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[15-npn-client-first-pref-on-mismatch-resumption-client]
++[17-npn-client-first-pref-on-mismatch-resumption-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-15]
++[test-17]
+ ExpectedNPNProtocol = foo
+ HandshakeMode = Resume
+ ResumptionExpected = Yes
+-server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra
+-resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra
+-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
+-resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
++server = 17-npn-client-first-pref-on-mismatch-resumption-server-extra
++resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra
++client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra
++resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra
+
+-[15-npn-client-first-pref-on-mismatch-resumption-server-extra]
++[17-npn-client-first-pref-on-mismatch-resumption-server-extra]
+ NPNProtocols = bar
+
+-[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra]
++[17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra]
+ NPNProtocols = baz
+
+-[15-npn-client-first-pref-on-mismatch-resumption-client-extra]
++[17-npn-client-first-pref-on-mismatch-resumption-client-extra]
+ NPNProtocols = foo,bar
+
+
+ # ===========================================================
+
+-[16-npn-no-server-support-resumption]
+-ssl_conf = 16-npn-no-server-support-resumption-ssl
++[18-npn-no-server-support-resumption]
++ssl_conf = 18-npn-no-server-support-resumption-ssl
+
+-[16-npn-no-server-support-resumption-ssl]
+-server = 16-npn-no-server-support-resumption-server
+-client = 16-npn-no-server-support-resumption-client
+-resume-server = 16-npn-no-server-support-resumption-resume-server
+-resume-client = 16-npn-no-server-support-resumption-client
++[18-npn-no-server-support-resumption-ssl]
++server = 18-npn-no-server-support-resumption-server
++client = 18-npn-no-server-support-resumption-client
++resume-server = 18-npn-no-server-support-resumption-resume-server
++resume-client = 18-npn-no-server-support-resumption-client
+
+-[16-npn-no-server-support-resumption-server]
++[18-npn-no-server-support-resumption-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[16-npn-no-server-support-resumption-resume-server]
++[18-npn-no-server-support-resumption-resume-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[16-npn-no-server-support-resumption-client]
++[18-npn-no-server-support-resumption-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-16]
++[test-18]
+ HandshakeMode = Resume
+ ResumptionExpected = Yes
+-server = 16-npn-no-server-support-resumption-server-extra
+-client = 16-npn-no-server-support-resumption-client-extra
+-resume-client = 16-npn-no-server-support-resumption-client-extra
++server = 18-npn-no-server-support-resumption-server-extra
++client = 18-npn-no-server-support-resumption-client-extra
++resume-client = 18-npn-no-server-support-resumption-client-extra
+
+-[16-npn-no-server-support-resumption-server-extra]
++[18-npn-no-server-support-resumption-server-extra]
+ NPNProtocols = foo
+
+-[16-npn-no-server-support-resumption-client-extra]
++[18-npn-no-server-support-resumption-client-extra]
+ NPNProtocols = foo
+
+
+ # ===========================================================
+
+-[17-npn-no-client-support-resumption]
+-ssl_conf = 17-npn-no-client-support-resumption-ssl
++[19-npn-no-client-support-resumption]
++ssl_conf = 19-npn-no-client-support-resumption-ssl
+
+-[17-npn-no-client-support-resumption-ssl]
+-server = 17-npn-no-client-support-resumption-server
+-client = 17-npn-no-client-support-resumption-client
+-resume-server = 17-npn-no-client-support-resumption-server
+-resume-client = 17-npn-no-client-support-resumption-resume-client
++[19-npn-no-client-support-resumption-ssl]
++server = 19-npn-no-client-support-resumption-server
++client = 19-npn-no-client-support-resumption-client
++resume-server = 19-npn-no-client-support-resumption-server
++resume-client = 19-npn-no-client-support-resumption-resume-client
+
+-[17-npn-no-client-support-resumption-server]
++[19-npn-no-client-support-resumption-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[17-npn-no-client-support-resumption-client]
++[19-npn-no-client-support-resumption-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[17-npn-no-client-support-resumption-resume-client]
++[19-npn-no-client-support-resumption-resume-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-17]
++[test-19]
+ HandshakeMode = Resume
+ ResumptionExpected = Yes
+-server = 17-npn-no-client-support-resumption-server-extra
+-resume-server = 17-npn-no-client-support-resumption-server-extra
+-client = 17-npn-no-client-support-resumption-client-extra
++server = 19-npn-no-client-support-resumption-server-extra
++resume-server = 19-npn-no-client-support-resumption-server-extra
++client = 19-npn-no-client-support-resumption-client-extra
+
+-[17-npn-no-client-support-resumption-server-extra]
++[19-npn-no-client-support-resumption-server-extra]
+ NPNProtocols = foo
+
+-[17-npn-no-client-support-resumption-client-extra]
++[19-npn-no-client-support-resumption-client-extra]
+ NPNProtocols = foo
+
+
+ # ===========================================================
+
+-[18-alpn-preferred-over-npn-resumption]
+-ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl
++[20-alpn-preferred-over-npn-resumption]
++ssl_conf = 20-alpn-preferred-over-npn-resumption-ssl
+
+-[18-alpn-preferred-over-npn-resumption-ssl]
+-server = 18-alpn-preferred-over-npn-resumption-server
+-client = 18-alpn-preferred-over-npn-resumption-client
+-resume-server = 18-alpn-preferred-over-npn-resumption-resume-server
+-resume-client = 18-alpn-preferred-over-npn-resumption-client
++[20-alpn-preferred-over-npn-resumption-ssl]
++server = 20-alpn-preferred-over-npn-resumption-server
++client = 20-alpn-preferred-over-npn-resumption-client
++resume-server = 20-alpn-preferred-over-npn-resumption-resume-server
++resume-client = 20-alpn-preferred-over-npn-resumption-client
+
+-[18-alpn-preferred-over-npn-resumption-server]
++[20-alpn-preferred-over-npn-resumption-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[18-alpn-preferred-over-npn-resumption-resume-server]
++[20-alpn-preferred-over-npn-resumption-resume-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[18-alpn-preferred-over-npn-resumption-client]
++[20-alpn-preferred-over-npn-resumption-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-18]
++[test-20]
+ ExpectedALPNProtocol = foo
+ HandshakeMode = Resume
+ ResumptionExpected = Yes
+-server = 18-alpn-preferred-over-npn-resumption-server-extra
+-resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra
+-client = 18-alpn-preferred-over-npn-resumption-client-extra
+-resume-client = 18-alpn-preferred-over-npn-resumption-client-extra
++server = 20-alpn-preferred-over-npn-resumption-server-extra
++resume-server = 20-alpn-preferred-over-npn-resumption-resume-server-extra
++client = 20-alpn-preferred-over-npn-resumption-client-extra
++resume-client = 20-alpn-preferred-over-npn-resumption-client-extra
+
+-[18-alpn-preferred-over-npn-resumption-server-extra]
++[20-alpn-preferred-over-npn-resumption-server-extra]
+ NPNProtocols = bar
+
+-[18-alpn-preferred-over-npn-resumption-resume-server-extra]
++[20-alpn-preferred-over-npn-resumption-resume-server-extra]
+ ALPNProtocols = foo
+ NPNProtocols = baz
+
+-[18-alpn-preferred-over-npn-resumption-client-extra]
++[20-alpn-preferred-over-npn-resumption-client-extra]
+ ALPNProtocols = foo
+ NPNProtocols = bar,baz
+
+
+ # ===========================================================
+
+-[19-npn-used-if-alpn-not-supported-resumption]
+-ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl
++[21-npn-used-if-alpn-not-supported-resumption]
++ssl_conf = 21-npn-used-if-alpn-not-supported-resumption-ssl
+
+-[19-npn-used-if-alpn-not-supported-resumption-ssl]
+-server = 19-npn-used-if-alpn-not-supported-resumption-server
+-client = 19-npn-used-if-alpn-not-supported-resumption-client
+-resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server
+-resume-client = 19-npn-used-if-alpn-not-supported-resumption-client
++[21-npn-used-if-alpn-not-supported-resumption-ssl]
++server = 21-npn-used-if-alpn-not-supported-resumption-server
++client = 21-npn-used-if-alpn-not-supported-resumption-client
++resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server
++resume-client = 21-npn-used-if-alpn-not-supported-resumption-client
+
+-[19-npn-used-if-alpn-not-supported-resumption-server]
++[21-npn-used-if-alpn-not-supported-resumption-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[19-npn-used-if-alpn-not-supported-resumption-resume-server]
++[21-npn-used-if-alpn-not-supported-resumption-resume-server]
+ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+ CipherString = DEFAULT
+ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+-[19-npn-used-if-alpn-not-supported-resumption-client]
++[21-npn-used-if-alpn-not-supported-resumption-client]
+ CipherString = DEFAULT
+ MaxProtocol = TLSv1.2
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+-[test-19]
++[test-21]
+ ExpectedNPNProtocol = baz
+ HandshakeMode = Resume
+ ResumptionExpected = Yes
+-server = 19-npn-used-if-alpn-not-supported-resumption-server-extra
+-resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra
+-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
+-resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
++server = 21-npn-used-if-alpn-not-supported-resumption-server-extra
++resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server-extra
++client = 21-npn-used-if-alpn-not-supported-resumption-client-extra
++resume-client = 21-npn-used-if-alpn-not-supported-resumption-client-extra
+
+-[19-npn-used-if-alpn-not-supported-resumption-server-extra]
++[21-npn-used-if-alpn-not-supported-resumption-server-extra]
+ ALPNProtocols = foo
+ NPNProtocols = bar
+
+-[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra]
++[21-npn-used-if-alpn-not-supported-resumption-resume-server-extra]
+ NPNProtocols = baz
+
+-[19-npn-used-if-alpn-not-supported-resumption-client-extra]
++[21-npn-used-if-alpn-not-supported-resumption-client-extra]
+ ALPNProtocols = foo
+ NPNProtocols = bar,baz
+
+diff --git a/test/ssl-tests/08-npn.cnf.in b/test/ssl-tests/08-npn.cnf.in
+index 30783e4..1dc2704 100644
+--- a/test/ssl-tests/08-npn.cnf.in
++++ b/test/ssl-tests/08-npn.cnf.in
+@@ -110,6 +110,41 @@ our @tests = (
+ "ExpectedNPNProtocol" => undef,
+ },
+ },
++ {
++ name => "npn-empty-client-list",
++ server => {
++ extra => {
++ "NPNProtocols" => "foo",
++ },
++ },
++ client => {
++ extra => {
++ "NPNProtocols" => "",
++ },
++ "MaxProtocol" => "TLSv1.2"
++ },
++ test => {
++ "ExpectedResult" => "ClientFail",
++ "ExpectedClientAlert" => "HandshakeFailure"
++ },
++ },
++ {
++ name => "npn-empty-server-list",
++ server => {
++ extra => {
++ "NPNProtocols" => "",
++ },
++ },
++ client => {
++ extra => {
++ "NPNProtocols" => "foo",
++ },
++ "MaxProtocol" => "TLSv1.2"
++ },
++ test => {
++ "ExpectedNPNProtocol" => "foo"
++ },
++ },
+ {
+ name => "npn-with-sni-no-context-switch",
+ server => {
+diff --git a/test/ssl-tests/09-alpn.cnf b/test/ssl-tests/09-alpn.cnf
+index e7e6cb9..dd66873 100644
+--- a/test/ssl-tests/09-alpn.cnf
++++ b/test/ssl-tests/09-alpn.cnf
+@@ -1,6 +1,6 @@
+ # Generated with generate_ssl_tests.pl
+
+-num_tests = 16
++num_tests = 18
+
+ test-0 = 0-alpn-simple
+ test-1 = 1-alpn-server-finds-match
+@@ -18,6 +18,8 @@ test-12 = 12-alpn-client-switch-resumption
+ test-13 = 13-alpn-alert-on-mismatch-resumption
+ test-14 = 14-alpn-no-server-support-resumption
+ test-15 = 15-alpn-no-client-support-resumption
++test-16 = 16-alpn-empty-client-list
++test-17 = 17-alpn-empty-server-list
+ # ===========================================================
+
+ [0-alpn-simple]
+@@ -617,3 +619,65 @@ ALPNProtocols = foo
+ ALPNProtocols = foo
+
+
++# ===========================================================
++
++[16-alpn-empty-client-list]
++ssl_conf = 16-alpn-empty-client-list-ssl
++
++[16-alpn-empty-client-list-ssl]
++server = 16-alpn-empty-client-list-server
++client = 16-alpn-empty-client-list-client
++
++[16-alpn-empty-client-list-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[16-alpn-empty-client-list-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-16]
++server = 16-alpn-empty-client-list-server-extra
++client = 16-alpn-empty-client-list-client-extra
++
++[16-alpn-empty-client-list-server-extra]
++ALPNProtocols = foo
++
++[16-alpn-empty-client-list-client-extra]
++ALPNProtocols =
++
++
++# ===========================================================
++
++[17-alpn-empty-server-list]
++ssl_conf = 17-alpn-empty-server-list-ssl
++
++[17-alpn-empty-server-list-ssl]
++server = 17-alpn-empty-server-list-server
++client = 17-alpn-empty-server-list-client
++
++[17-alpn-empty-server-list-server]
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++[17-alpn-empty-server-list-client]
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++[test-17]
++ExpectedResult = ServerFail
++ExpectedServerAlert = NoApplicationProtocol
++server = 17-alpn-empty-server-list-server-extra
++client = 17-alpn-empty-server-list-client-extra
++
++[17-alpn-empty-server-list-server-extra]
++ALPNProtocols =
++
++[17-alpn-empty-server-list-client-extra]
++ALPNProtocols = foo
++
++
+diff --git a/test/ssl-tests/09-alpn.cnf.in b/test/ssl-tests/09-alpn.cnf.in
+index 8133075..322b709 100644
+--- a/test/ssl-tests/09-alpn.cnf.in
++++ b/test/ssl-tests/09-alpn.cnf.in
+@@ -322,4 +322,37 @@ our @tests = (
+ "ExpectedALPNProtocol" => undef,
+ },
+ },
++ {
++ name => "alpn-empty-client-list",
++ server => {
++ extra => {
++ "ALPNProtocols" => "foo",
++ },
++ },
++ client => {
++ extra => {
++ "ALPNProtocols" => "",
++ },
++ },
++ test => {
++ "ExpectedALPNProtocol" => undef,
++ },
++ },
++ {
++ name => "alpn-empty-server-list",
++ server => {
++ extra => {
++ "ALPNProtocols" => "",
++ },
++ },
++ client => {
++ extra => {
++ "ALPNProtocols" => "foo",
++ },
++ },
++ test => {
++ "ExpectedResult" => "ServerFail",
++ "ExpectedServerAlert" => "NoApplicationProtocol",
++ },
++ },
+ );
+--
+2.44.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch
new file mode 100644
index 0000000000..7319d27bb8
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch
@@ -0,0 +1,43 @@
+From 86351b8dd4c499de7a0c02313ee54966e978150f Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 21 Jun 2024 10:41:55 +0100
+Subject: [PATCH 07/10] Correct return values for
+ tls_construct_stoc_next_proto_neg
+
+Return EXT_RETURN_NOT_SENT in the event that we don't send the extension,
+rather than EXT_RETURN_SENT. This actually makes no difference at all to
+the current control flow since this return value is ignored in this case
+anyway. But lets make it correct anyway.
+
+Follow on from CVE-2024-5535
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24717)
+
+Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/53f5677f358c4a4f69830d944ea40e71950673b8]
+CVE: CVE-2024-5535
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ ssl/statem/extensions_srvr.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
+index 64ccb3e..b821c7c 100644
+--- a/ssl/statem/extensions_srvr.c
++++ b/ssl/statem/extensions_srvr.c
+@@ -1496,9 +1496,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt,
+ return EXT_RETURN_FAIL;
+ }
+ s->s3.npn_seen = 1;
++ return EXT_RETURN_SENT;
+ }
+
+- return EXT_RETURN_SENT;
++ return EXT_RETURN_NOT_SENT;
+ }
+ #endif
+
+--
+2.44.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch
new file mode 100644
index 0000000000..f64938a5ca
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch
@@ -0,0 +1,66 @@
+From 29f860914824cde6b0aea6ad818b93132930137f Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 21 Jun 2024 11:51:54 +0100
+Subject: [PATCH 08/10] Add ALPN validation in the client
+
+The ALPN protocol selected by the server must be one that we originally
+advertised. We should verify that it is.
+
+Follow on from CVE-2024-5535
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24717)
+
+Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/195e15421df113d7283aab2ccff8b8fb06df5465]
+CVE: CVE-2024-5535
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ ssl/statem/extensions_clnt.c | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
+index 1ab3c13..ff9c009 100644
+--- a/ssl/statem/extensions_clnt.c
++++ b/ssl/statem/extensions_clnt.c
+@@ -1590,6 +1590,8 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx)
+ {
+ size_t len;
++ PACKET confpkt, protpkt;
++ int valid = 0;
+
+ /* We must have requested it. */
+ if (!s->s3.alpn_sent) {
+@@ -1608,6 +1610,28 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
+ return 0;
+ }
++
++ /* It must be a protocol that we sent */
++ if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) {
++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) {
++ if (PACKET_remaining(&protpkt) != len)
++ continue;
++ if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) {
++ /* Valid protocol found */
++ valid = 1;
++ break;
++ }
++ }
++
++ if (!valid) {
++ /* The protocol sent from the server does not match one we advertised */
++ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
++ return 0;
++ }
++
+ OPENSSL_free(s->s3.alpn_selected);
+ s->s3.alpn_selected = OPENSSL_malloc(len);
+ if (s->s3.alpn_selected == NULL) {
+--
+2.44.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch
new file mode 100644
index 0000000000..fb1cef5067
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch
@@ -0,0 +1,271 @@
+From 6a5484b0d3fcf9a868c7e3e5b62e5eedc90b6080 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 21 Jun 2024 10:09:41 +0100
+Subject: [PATCH 09/10] Add explicit testing of ALN and NPN in sslapitest
+
+We already had some tests elsewhere - but this extends that testing with
+additional tests.
+
+Follow on from CVE-2024-5535
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24717)
+
+Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/7c95191434415d1c9b7fe9b130df13cce630b6b5]
+CVE: CVE-2024-5535
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ test/sslapitest.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 229 insertions(+)
+
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index 15cb906..7a55a2b 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -11877,6 +11877,231 @@ static int test_select_next_proto(int idx)
+ return ret;
+ }
+
++static const unsigned char fooprot[] = {3, 'f', 'o', 'o' };
++static const unsigned char barprot[] = {3, 'b', 'a', 'r' };
++
++#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG)
++static int npn_advert_cb(SSL *ssl, const unsigned char **out,
++ unsigned int *outlen, void *arg)
++{
++ int *idx = (int *)arg;
++
++ switch (*idx) {
++ default:
++ case 0:
++ *out = fooprot;
++ *outlen = sizeof(fooprot);
++ return SSL_TLSEXT_ERR_OK;
++
++ case 1:
++ *outlen = 0;
++ return SSL_TLSEXT_ERR_OK;
++
++ case 2:
++ return SSL_TLSEXT_ERR_NOACK;
++ }
++}
++
++static int npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen,
++ const unsigned char *in, unsigned int inlen, void *arg)
++{
++ int *idx = (int *)arg;
++
++ switch (*idx) {
++ case 0:
++ case 1:
++ *out = (unsigned char *)(fooprot + 1);
++ *outlen = *fooprot;
++ return SSL_TLSEXT_ERR_OK;
++
++ case 3:
++ *out = (unsigned char *)(barprot + 1);
++ *outlen = *barprot;
++ return SSL_TLSEXT_ERR_OK;
++
++ case 4:
++ *outlen = 0;
++ return SSL_TLSEXT_ERR_OK;
++
++ default:
++ case 2:
++ return SSL_TLSEXT_ERR_ALERT_FATAL;
++ }
++}
++
++/*
++ * Test the NPN callbacks
++ * Test 0: advert = foo, select = foo
++ * Test 1: advert = <empty>, select = foo
++ * Test 2: no advert
++ * Test 3: advert = foo, select = bar
++ * Test 4: advert = foo, select = <empty> (should fail)
++ */
++static int test_npn(int idx)
++{
++ SSL_CTX *sctx = NULL, *cctx = NULL;
++ SSL *serverssl = NULL, *clientssl = NULL;
++ int testresult = 0;
++
++ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
++ TLS_client_method(), 0, TLS1_2_VERSION,
++ &sctx, &cctx, cert, privkey)))
++ goto end;
++
++ SSL_CTX_set_next_protos_advertised_cb(sctx, npn_advert_cb, &idx);
++ SSL_CTX_set_next_proto_select_cb(cctx, npn_select_cb, &idx);
++
++ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
++ NULL)))
++ goto end;
++
++ if (idx == 4) {
++ /* We don't allow empty selection of NPN, so this should fail */
++ if (!TEST_false(create_ssl_connection(serverssl, clientssl,
++ SSL_ERROR_NONE)))
++ goto end;
++ } else {
++ const unsigned char *prot;
++ unsigned int protlen;
++
++ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
++ SSL_ERROR_NONE)))
++ goto end;
++
++ SSL_get0_next_proto_negotiated(serverssl, &prot, &protlen);
++ switch (idx) {
++ case 0:
++ case 1:
++ if (!TEST_mem_eq(prot, protlen, fooprot + 1, *fooprot))
++ goto end;
++ break;
++ case 2:
++ if (!TEST_uint_eq(protlen, 0))
++ goto end;
++ break;
++ case 3:
++ if (!TEST_mem_eq(prot, protlen, barprot + 1, *barprot))
++ goto end;
++ break;
++ default:
++ TEST_error("Should not get here");
++ goto end;
++ }
++ }
++
++ testresult = 1;
++ end:
++ SSL_free(serverssl);
++ SSL_free(clientssl);
++ SSL_CTX_free(sctx);
++ SSL_CTX_free(cctx);
++
++ return testresult;
++}
++#endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) */
++
++static int alpn_select_cb2(SSL *ssl, const unsigned char **out,
++ unsigned char *outlen, const unsigned char *in,
++ unsigned int inlen, void *arg)
++{
++ int *idx = (int *)arg;
++
++ switch (*idx) {
++ case 0:
++ *out = (unsigned char *)(fooprot + 1);
++ *outlen = *fooprot;
++ return SSL_TLSEXT_ERR_OK;
++
++ case 2:
++ *out = (unsigned char *)(barprot + 1);
++ *outlen = *barprot;
++ return SSL_TLSEXT_ERR_OK;
++
++ case 3:
++ *outlen = 0;
++ return SSL_TLSEXT_ERR_OK;
++
++ default:
++ case 1:
++ return SSL_TLSEXT_ERR_ALERT_FATAL;
++ }
++ return 0;
++}
++
++/*
++ * Test the ALPN callbacks
++ * Test 0: client = foo, select = foo
++ * Test 1: client = <empty>, select = none
++ * Test 2: client = foo, select = bar (should fail)
++ * Test 3: client = foo, select = <empty> (should fail)
++ */
++static int test_alpn(int idx)
++{
++ SSL_CTX *sctx = NULL, *cctx = NULL;
++ SSL *serverssl = NULL, *clientssl = NULL;
++ int testresult = 0;
++ const unsigned char *prots = fooprot;
++ unsigned int protslen = sizeof(fooprot);
++
++ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
++ TLS_client_method(), 0, 0,
++ &sctx, &cctx, cert, privkey)))
++ goto end;
++
++ SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb2, &idx);
++
++ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
++ NULL)))
++ goto end;
++
++ if (idx == 1) {
++ prots = NULL;
++ protslen = 0;
++ }
++
++ /* SSL_set_alpn_protos returns 0 for success! */
++ if (!TEST_false(SSL_set_alpn_protos(clientssl, prots, protslen)))
++ goto end;
++
++ if (idx == 2 || idx == 3) {
++ /* We don't allow empty selection of NPN, so this should fail */
++ if (!TEST_false(create_ssl_connection(serverssl, clientssl,
++ SSL_ERROR_NONE)))
++ goto end;
++ } else {
++ const unsigned char *prot;
++ unsigned int protlen;
++
++ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
++ SSL_ERROR_NONE)))
++ goto end;
++
++ SSL_get0_alpn_selected(clientssl, &prot, &protlen);
++ switch (idx) {
++ case 0:
++ if (!TEST_mem_eq(prot, protlen, fooprot + 1, *fooprot))
++ goto end;
++ break;
++ case 1:
++ if (!TEST_uint_eq(protlen, 0))
++ goto end;
++ break;
++ default:
++ TEST_error("Should not get here");
++ goto end;
++ }
++ }
++
++ testresult = 1;
++ end:
++ SSL_free(serverssl);
++ SSL_free(clientssl);
++ SSL_CTX_free(sctx);
++ SSL_CTX_free(cctx);
++
++ return testresult;
++}
++
+ OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
+
+ int setup_tests(void)
+@@ -12190,6 +12415,10 @@ int setup_tests(void)
+ ADD_TEST(test_data_retry);
+ ADD_ALL_TESTS(test_multi_resume, 5);
+ ADD_ALL_TESTS(test_select_next_proto, OSSL_NELEM(next_proto_tests));
++#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG)
++ ADD_ALL_TESTS(test_npn, 5);
++#endif
++ ADD_ALL_TESTS(test_alpn, 4);
+ return 1;
+
+ err:
+--
+2.44.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.2.bb b/meta/recipes-connectivity/openssl/openssl_3.2.2.bb
index 1c92707144..3242dd69c6 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.2.2.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.2.bb
@@ -12,6 +12,16 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
file://0001-Added-handshake-history-reporting-when-test-fails.patch \
+ file://CVE-2024-5535_1.patch \
+ file://CVE-2024-5535_2.patch \
+ file://CVE-2024-5535_3.patch \
+ file://CVE-2024-5535_4.patch \
+ file://CVE-2024-5535_5.patch \
+ file://CVE-2024-5535_6.patch \
+ file://CVE-2024-5535_7.patch \
+ file://CVE-2024-5535_8.patch \
+ file://CVE-2024-5535_9.patch \
+ file://CVE-2024-5535_10.patch \
"
SRC_URI:append:class-nativesdk = " \
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 05/21] QEMU: Fix CVE-2024-3446 & CVE-2024-3567
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (3 preceding siblings ...)
2024-07-04 12:26 ` [OE-core][scarthgap 04/21] OpenSSL: Security fix for CVE-2024-5535 Steve Sakoman
@ 2024-07-04 12:26 ` Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 06/21] gstreamer: upgrade 1.22.11 -> 1.22.12 Steve Sakoman
` (15 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:26 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Backport fixes for:
* CVE-2024-3446 - Upstream-Status: Backport from https://gitlab.com/qemu-project/qemu/-/commit/eb546a3f49f45e6870ec91d792cd09f8a662c16e && https://gitlab.com/qemu-project/qemu/-/commit/4f01537ced3e787bd985b8f8de5869b92657160a && https://gitlab.com/qemu-project/qemu/-/commit/fbeb0a160cbcc067c0e1f0d380cea4a31de213e3 && https://gitlab.com/qemu-project/qemu/-/commit/1b2a52712b249e14d246cd9c7db126088e6e64db
* CVE-2024-3567 - Upstream-Status: Backport from https://gitlab.com/qemu-project/qemu/-/commit/1cfe45956e03070f894e91b304e233b4d5b99719
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/qemu/qemu.inc | 5 ++
.../qemu/qemu/CVE-2024-3446-01.patch | 73 +++++++++++++++++++
.../qemu/qemu/CVE-2024-3446-02.patch | 48 ++++++++++++
.../qemu/qemu/CVE-2024-3446-03.patch | 47 ++++++++++++
.../qemu/qemu/CVE-2024-3446-04.patch | 52 +++++++++++++
.../qemu/qemu/CVE-2024-3567.patch | 48 ++++++++++++
6 files changed, 273 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 4501f84c2b..d22bc31ce3 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -42,6 +42,11 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2023-6683.patch \
file://qemu-guest-agent.init \
file://qemu-guest-agent.udev \
+ file://CVE-2024-3446-01.patch \
+ file://CVE-2024-3446-02.patch \
+ file://CVE-2024-3446-03.patch \
+ file://CVE-2024-3446-04.patch \
+ file://CVE-2024-3567.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch
new file mode 100644
index 0000000000..15dbca92cd
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch
@@ -0,0 +1,73 @@
+rom eb546a3f49f45e6870ec91d792cd09f8a662c16e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Thu, 4 Apr 2024 20:56:11 +0200
+Subject: [PATCH] hw/virtio: Introduce virtio_bh_new_guarded() helper
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Introduce virtio_bh_new_guarded(), similar to qemu_bh_new_guarded()
+but using the transport memory guard, instead of the device one
+(there can only be one virtio device per virtio bus).
+
+Inspired-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Message-Id: <20240409105537.18308-2-philmd@linaro.org>
+(cherry picked from commit ec0504b989ca61e03636384d3602b7bf07ffe4da)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/eb546a3f49f45e6870ec91d792cd09f8a662c16e]
+CVE: CVE-2024-3446
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ hw/virtio/virtio.c | 10 ++++++++++
+ include/hw/virtio/virtio.h | 7 +++++++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
+index 3a160f86e..8590b8971 100644
+--- a/hw/virtio/virtio.c
++++ b/hw/virtio/virtio.c
+@@ -4095,3 +4095,13 @@ static void virtio_register_types(void)
+ }
+
+ type_init(virtio_register_types)
++
++QEMUBH *virtio_bh_new_guarded_full(DeviceState *dev,
++ QEMUBHFunc *cb, void *opaque,
++ const char *name)
++{
++ DeviceState *transport = qdev_get_parent_bus(dev)->parent;
++
++ return qemu_bh_new_full(cb, opaque, name,
++ &transport->mem_reentrancy_guard);
++}
+diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
+index c8f72850b..7d5ffdc14 100644
+--- a/include/hw/virtio/virtio.h
++++ b/include/hw/virtio/virtio.h
+@@ -22,6 +22,7 @@
+ #include "standard-headers/linux/virtio_config.h"
+ #include "standard-headers/linux/virtio_ring.h"
+ #include "qom/object.h"
++#include "block/aio.h"
+
+ /*
+ * A guest should never accept this. It implies negotiation is broken
+@@ -508,4 +509,10 @@ static inline bool virtio_device_disabled(VirtIODevice *vdev)
+ bool virtio_legacy_allowed(VirtIODevice *vdev);
+ bool virtio_legacy_check_disabled(VirtIODevice *vdev);
+
++QEMUBH *virtio_bh_new_guarded_full(DeviceState *dev,
++ QEMUBHFunc *cb, void *opaque,
++ const char *name);
++#define virtio_bh_new_guarded(dev, cb, opaque) \
++ virtio_bh_new_guarded_full((dev), (cb), (opaque), (stringify(cb)))
++
+ #endif
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch
new file mode 100644
index 0000000000..843ed43ba8
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch
@@ -0,0 +1,48 @@
+From 4f01537ced3e787bd985b8f8de5869b92657160a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Thu, 4 Apr 2024 20:56:41 +0200
+Subject: [PATCH] hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
+so the bus and device use the same guard. Otherwise the
+DMA-reentrancy protection can be bypassed.
+
+Fixes: CVE-2024-3446
+Cc: qemu-stable@nongnu.org
+Suggested-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Message-Id: <20240409105537.18308-5-philmd@linaro.org>
+(cherry picked from commit f4729ec39ad97a42ceaa7b5697f84f440ea6e5dc)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/4f01537ced3e787bd985b8f8de5869b92657160a]
+CVE: CVE-2024-3446
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ hw/virtio/virtio-crypto.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index 0e2cc8d5a..4aaced74b 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -1080,8 +1080,8 @@ static void virtio_crypto_device_realize(DeviceState *dev, Error **errp)
+ vcrypto->vqs[i].dataq =
+ virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh);
+ vcrypto->vqs[i].dataq_bh =
+- qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs[i],
+- &dev->mem_reentrancy_guard);
++ virtio_bh_new_guarded(dev, virtio_crypto_dataq_bh,
++ &vcrypto->vqs[i]);
+ vcrypto->vqs[i].vcrypto = vcrypto;
+ }
+
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch
new file mode 100644
index 0000000000..a24652dea3
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch
@@ -0,0 +1,47 @@
+From fbeb0a160cbcc067c0e1f0d380cea4a31de213e3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Thu, 4 Apr 2024 20:56:35 +0200
+Subject: [PATCH] hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
+so the bus and device use the same guard. Otherwise the
+DMA-reentrancy protection can be bypassed.
+
+Fixes: CVE-2024-3446
+Cc: qemu-stable@nongnu.org
+Suggested-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Message-Id: <20240409105537.18308-4-philmd@linaro.org>
+(cherry picked from commit b4295bff25f7b50de1d9cc94a9c6effd40056bca)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/fbeb0a160cbcc067c0e1f0d380cea4a31de213e3]
+CVE: CVE-2024-3446
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ hw/char/virtio-serial-bus.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
+index dd619f073..1221fb7f1 100644
+--- a/hw/char/virtio-serial-bus.c
++++ b/hw/char/virtio-serial-bus.c
+@@ -985,8 +985,7 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp)
+ return;
+ }
+
+- port->bh = qemu_bh_new_guarded(flush_queued_data_bh, port,
+- &dev->mem_reentrancy_guard);
++ port->bh = virtio_bh_new_guarded(dev, flush_queued_data_bh, port);
+ port->elem = NULL;
+ }
+
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch
new file mode 100644
index 0000000000..7f0293242d
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch
@@ -0,0 +1,52 @@
+From 1b2a52712b249e14d246cd9c7db126088e6e64db Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Thu, 4 Apr 2024 20:56:27 +0200
+Subject: [PATCH] hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+qemu-system-i386: warning: Blocked re-entrant IO on MemoryRegion: virtio-pci-common-virtio-gpu at addr: 0x6
+
+Fixes: CVE-2024-3446
+Cc: qemu-stable@nongnu.org
+Reported-by: Alexander Bulekov <alxndr@bu.edu>
+Reported-by: Yongkang Jia <kangel@zju.edu.cn>
+Reported-by: Xiao Lei <nop.leixiao@gmail.com>
+Reported-by: Yiming Tao <taoym@zju.edu.cn>
+Buglink: https://bugs.launchpad.net/qemu/+bug/1888606
+Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Message-Id: <20240409105537.18308-3-philmd@linaro.org>
+(cherry picked from commit ba28e0ff4d95b56dc334aac2730ab3651ffc3132)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/1b2a52712b249e14d246cd9c7db126088e6e64db]
+CVE: CVE-2024-3446
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ hw/display/virtio-gpu.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index b016d3bac..a7b16ba07 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -1463,10 +1463,8 @@ void virtio_gpu_device_realize(DeviceState *qdev, Error **errp)
+
+ g->ctrl_vq = virtio_get_queue(vdev, 0);
+ g->cursor_vq = virtio_get_queue(vdev, 1);
+- g->ctrl_bh = qemu_bh_new_guarded(virtio_gpu_ctrl_bh, g,
+- &qdev->mem_reentrancy_guard);
+- g->cursor_bh = qemu_bh_new_guarded(virtio_gpu_cursor_bh, g,
+- &qdev->mem_reentrancy_guard);
++ g->ctrl_bh = virtio_bh_new_guarded(qdev, virtio_gpu_ctrl_bh, g);
++ g->cursor_bh = virtio_bh_new_guarded(qdev, virtio_gpu_cursor_bh, g);
+ g->reset_bh = qemu_bh_new(virtio_gpu_reset_bh, g);
+ qemu_cond_init(&g->reset_cond);
+ QTAILQ_INIT(&g->reslist);
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch
new file mode 100644
index 0000000000..f14178f881
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch
@@ -0,0 +1,48 @@
+From 1cfe45956e03070f894e91b304e233b4d5b99719 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Tue, 9 Apr 2024 19:54:05 +0200
+Subject: [PATCH] hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If a fragmented packet size is too short, do not try to
+calculate its checksum.
+
+Fixes: CVE-2024-3567
+Cc: qemu-stable@nongnu.org
+Reported-by: Zheyu Ma <zheyuma97@gmail.com>
+Fixes: f199b13bc1 ("igb: Implement Tx SCTP CSO")
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2273
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Message-Id: <20240410070459.49112-1-philmd@linaro.org>
+(cherry picked from commit 83ddb3dbba2ee0f1767442ae6ee665058aeb1093)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/1cfe45956e03070f894e91b304e233b4d5b99719]
+CVE: CVE-2024-3567
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ hw/net/net_tx_pkt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
+index 2e5f58b3c..d40d508a1 100644
+--- a/hw/net/net_tx_pkt.c
++++ b/hw/net/net_tx_pkt.c
+@@ -141,6 +141,10 @@ bool net_tx_pkt_update_sctp_checksum(struct NetTxPkt *pkt)
+ uint32_t csum = 0;
+ struct iovec *pl_start_frag = pkt->vec + NET_TX_PKT_PL_START_FRAG;
+
++ if (iov_size(pl_start_frag, pkt->payload_frags) < 8 + sizeof(csum)) {
++ return false;
++ }
++
+ if (iov_from_buf(pl_start_frag, pkt->payload_frags, 8, &csum, sizeof(csum)) < sizeof(csum)) {
+ return false;
+ }
+--
+2.25.1
+
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 06/21] gstreamer: upgrade 1.22.11 -> 1.22.12
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (4 preceding siblings ...)
2024-07-04 12:26 ` [OE-core][scarthgap 05/21] QEMU: Fix CVE-2024-3446 & CVE-2024-3567 Steve Sakoman
@ 2024-07-04 12:26 ` Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 07/21] python3-jinja2: Upgrade 3.1.3 -> 3.1.4 Steve Sakoman
` (14 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:26 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
https://gstreamer.freedesktop.org/releases/1.22/#1.22.12
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../{gst-devtools_1.22.11.bb => gst-devtools_1.22.12.bb} | 2 +-
...reamer1.0-libav_1.22.11.bb => gstreamer1.0-libav_1.22.12.bb} | 2 +-
...{gstreamer1.0-omx_1.22.11.bb => gstreamer1.0-omx_1.22.12.bb} | 2 +-
...ugins-bad_1.22.11.bb => gstreamer1.0-plugins-bad_1.22.12.bb} | 2 +-
...ins-base_1.22.11.bb => gstreamer1.0-plugins-base_1.22.12.bb} | 2 +-
...ins-good_1.22.11.bb => gstreamer1.0-plugins-good_1.22.12.bb} | 2 +-
...ins-ugly_1.22.11.bb => gstreamer1.0-plugins-ugly_1.22.12.bb} | 2 +-
...amer1.0-python_1.22.11.bb => gstreamer1.0-python_1.22.12.bb} | 2 +-
...sp-server_1.22.11.bb => gstreamer1.0-rtsp-server_1.22.12.bb} | 2 +-
...reamer1.0-vaapi_1.22.11.bb => gstreamer1.0-vaapi_1.22.12.bb} | 2 +-
.../{gstreamer1.0_1.22.11.bb => gstreamer1.0_1.22.12.bb} | 2 +-
11 files changed, 11 insertions(+), 11 deletions(-)
rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.22.11.bb => gst-devtools_1.22.12.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.22.11.bb => gstreamer1.0-libav_1.22.12.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.22.11.bb => gstreamer1.0-omx_1.22.12.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.22.11.bb => gstreamer1.0-plugins-bad_1.22.12.bb} (98%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.22.11.bb => gstreamer1.0-plugins-base_1.22.12.bb} (98%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.22.11.bb => gstreamer1.0-plugins-good_1.22.12.bb} (97%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.22.11.bb => gstreamer1.0-plugins-ugly_1.22.12.bb} (94%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.22.11.bb => gstreamer1.0-python_1.22.12.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.22.11.bb => gstreamer1.0-rtsp-server_1.22.12.bb} (90%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.22.11.bb => gstreamer1.0-vaapi_1.22.12.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.22.11.bb => gstreamer1.0_1.22.12.bb} (97%)
diff --git a/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.12.bb
similarity index 95%
rename from meta/recipes-multimedia/gstreamer/gst-devtools_1.22.11.bb
rename to meta/recipes-multimedia/gstreamer/gst-devtools_1.22.12.bb
index 2be406192f..c30341d1f0 100644
--- a/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.11.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.12.bb
@@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV}
file://0001-connect-has-a-different-signature-on-musl.patch \
"
-SRC_URI[sha256sum] = "07766425ecb5bf857ab5ad3962321c55cd89f9386b720843f9df71c0a455eb9b"
+SRC_URI[sha256sum] = "015ff62789dab423edafe979b019c7de4c849a2b7e74912b20b74a70e5b68f72"
DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
RRECOMMENDS:${PN} = "git"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.12.bb
similarity index 91%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.11.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.12.bb
index f3287efa96..bd9ae2464e 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.11.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.12.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \
"
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz"
-SRC_URI[sha256sum] = "6b13dcc9332ef27a7c1e7005c0196883874f91622f8aa6e52f218b05b15d2bf5"
+SRC_URI[sha256sum] = "3b60d4cac2fbcd085a93e9389ca23e0443bee1ca75574d31d4f12bb1bbecab48"
S = "${WORKDIR}/gst-libav-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.12.bb
similarity index 95%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.11.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.12.bb
index 97348fb398..4db16ed10b 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.11.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.12.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
-SRC_URI[sha256sum] = "18dfdf5f6b773d67e62a315c6cf6247da320b83603a5819493f53c69ed2eeef6"
+SRC_URI[sha256sum] = "6b0685b92ac735032d7987d1028afaeab0a98ab726e0c51e5b9bfc8f2da7c8b1"
S = "${WORKDIR}/gst-omx-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.12.bb
similarity index 98%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.11.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.12.bb
index 523ee7a5ae..01c95ac85f 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.11.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.12.bb
@@ -10,7 +10,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad
file://0002-avoid-including-sys-poll.h-directly.patch \
file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
"
-SRC_URI[sha256sum] = "808d3b33fc4c71aeb2561c364a87c2e8a3e2343319a83244c8391be4b09499c8"
+SRC_URI[sha256sum] = "388b4c4412f42e36a38b17cc34119bc11879bd4d9fbd4ff6d03b2c7fc6b4d494"
S = "${WORKDIR}/gst-plugins-bad-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
similarity index 98%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.11.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
index 7aa10eb646..5905c2d5b1 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.11.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
@@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0003-viv-fb-Make-sure-config.h-is-included.patch \
file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
"
-SRC_URI[sha256sum] = "65eaf72296cc5edc985695a4d80affc931e64a79f4879d05615854f7a2cf5bd1"
+SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
S = "${WORKDIR}/gst-plugins-base-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
similarity index 97%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.11.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
index 85143aa1b9..8099d70791 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.11.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
@@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch"
-SRC_URI[sha256sum] = "6ddd032381827d31820540735f0004b429436b0bdac19aaeab44fa22faad52e2"
+SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"
S = "${WORKDIR}/gst-plugins-good-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.12.bb
similarity index 94%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.11.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.12.bb
index 61f46fbf7e..714ee178d8 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.11.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.12.bb
@@ -15,7 +15,7 @@ SRC_URI = " \
https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
"
-SRC_URI[sha256sum] = "7758b7decfd20c00cae5700822bcbbf03f98c723e33e17634db2e07ca1da60bf"
+SRC_URI[sha256sum] = "d59a1aaf8dd2cc416dc5b5c0b7aecd02b1811bf1229aa724e6c2a503d3799083"
S = "${WORKDIR}/gst-plugins-ugly-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.12.bb
similarity index 91%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.11.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.12.bb
index 0fbb03f757..2eee5aee5e 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.11.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.12.bb
@@ -8,7 +8,7 @@ LICENSE = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "f7a5450d93fd81bf46060dca7f4a048d095b6717961fec211731a11a994c99a7"
+SRC_URI[sha256sum] = "d98d3226efea20d5c440a28988a20319a953f7c594895df2bba4538633108e9f"
DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
similarity index 90%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.11.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
index 554ed9ec8f..c89c22f334 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.11.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
@@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server"
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "ec49d474750a6ff6729c85b448abc607fb6840b21717ad7abc967e2adbf07a24"
+SRC_URI[sha256sum] = "bf6c7871e7cf3528e4ec87ddc2f2949691cd269f98e536482ae744c1405cf451"
S = "${WORKDIR}/${PNREAL}-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.12.bb
similarity index 95%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.11.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.12.bb
index 87eb8484a1..ef75ed64b3 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.11.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.12.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c"
SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "6eae1360658302b9b512fa46b4d06f5b818dfce5f2f43d7d710ca8142719d8ad"
+SRC_URI[sha256sum] = "013ad729b2fe4fccda559bddc626bcb14230cfb90a2271049f8466bfec5d80df"
S = "${WORKDIR}/${REALPN}-${PV}"
DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
similarity index 97%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.11.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
index 8965497d01..f4acb0977b 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.11.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
@@ -22,7 +22,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x
file://0003-tests-use-a-dictionaries-for-environment.patch \
file://0004-tests-add-helper-script-to-run-the-installed_tests.patch \
"
-SRC_URI[sha256sum] = "3d16259e9dab8b002c57ce208a09b350d8282f5b0197306c0cdba9a0d0799744"
+SRC_URI[sha256sum] = "ac352f3d02caa67f3b169daa9aa78b04dea0fc08a727de73cb28d89bd54c6f61"
PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
check \
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 07/21] python3-jinja2: Upgrade 3.1.3 -> 3.1.4
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (5 preceding siblings ...)
2024-07-04 12:26 ` [OE-core][scarthgap 06/21] gstreamer: upgrade 1.22.11 -> 1.22.12 Steve Sakoman
@ 2024-07-04 12:26 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 08/21] linux-yocto/6.6: update to v6.6.34 Steve Sakoman
` (13 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:26 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Switch to use flit core since upstream changed.
They also changed the capitalisation under pypi.
The license didn't change but the file was renamed, probably as it wasn't
rst.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e352680528b18c3cdae26233bef7cddc2771d42d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../{python3-jinja2_3.1.3.bb => python3-jinja2_3.1.4.bb} | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-devtools/python/{python3-jinja2_3.1.3.bb => python3-jinja2_3.1.4.bb} (79%)
diff --git a/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb b/meta/recipes-devtools/python/python3-jinja2_3.1.4.bb
similarity index 79%
rename from meta/recipes-devtools/python/python3-jinja2_3.1.3.bb
rename to meta/recipes-devtools/python/python3-jinja2_3.1.4.bb
index 636fb35811..2c02037011 100644
--- a/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb
+++ b/meta/recipes-devtools/python/python3-jinja2_3.1.4.bb
@@ -2,17 +2,17 @@ SUMMARY = "Python Jinja2: A small but fast and easy to use stand-alone template
HOMEPAGE = "https://pypi.org/project/Jinja2/"
LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462"
-SRC_URI[sha256sum] = "ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90"
+SRC_URI[sha256sum] = "4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"
-PYPI_PACKAGE = "Jinja2"
+PYPI_PACKAGE = "jinja2"
CVE_PRODUCT = "jinja2 jinja"
CLEANBROKEN = "1"
-inherit pypi setuptools3 ptest
+inherit pypi python_flit_core ptest
SRC_URI += " \
file://run-ptest \
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 08/21] linux-yocto/6.6: update to v6.6.34
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (6 preceding siblings ...)
2024-07-04 12:26 ` [OE-core][scarthgap 07/21] python3-jinja2: Upgrade 3.1.3 -> 3.1.4 Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 09/21] linux-yocto/6.6: update to v6.6.35 Steve Sakoman
` (12 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
64ebf485c56b usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
76d42e596d89 Linux 6.6.34
8353b7f70dd2 smp: Provide 'setup_max_cpus' definition on UP too
50f3931746b5 selftests: net: more strict check in net_helper
225de871ddf9 smb: client: fix deadlock in smb2_find_smb_tcon()
9c3095ad40f9 powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH
b48f81d2c3dc ALSA: seq: Fix incorrect UMP type for system messages
44bc51c08d64 btrfs: fix leak of qgroup extent records after transaction abort
3d08c52ba188 btrfs: fix crash on racing fsync and size-extending write into prealloc
e5104cbb146f tracefs: Clear EVENT_INODE flag in tracefs_drop_inode()
4e84ead3f60a eventfs: Keep the directories from having the same inode number as files
5ade5fbdbbb1 eventfs: Fix a possible null pointer dereference in eventfs_find_events()
cbc4dacaa5b1 NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
d6ea0e12befb nfs: fix undefined behavior in nfs_block_bits()
9191b574d7dc EDAC/igen6: Convert PCIBIOS_* return codes to errnos
8f84ae504348 EDAC/amd64: Convert PCIBIOS_* return codes to errnos
0a9007271e3f ALSA: ump: Don't accept an invalid UMP protocol number
3113ff8e496c ALSA: ump: Don't clear bank selection after sending a program change
e3ae00ee238b ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension
1c7891812d85 genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()
aed55acbb929 i3c: master: svc: fix invalidate IBI type and miss call client IBI handler
e049845096e9 s390/cpacf: Make use of invalid opcode produce a link error
ab278ff72afc s390/cpacf: Split and rework cpacf query functions
4c0bfb4e867c s390/ap: Fix crash in AP internal function modify_bitmap()
b2b685c77ee3 parisc: Define sigset_t in parisc uapi header
6de4da0f1a5f parisc: Define HAVE_ARCH_HUGETLB_UNMAPPED_AREA
eea3545abf60 ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat
1a48d7cf6ee5 ARM: dts: samsung: smdk4412: fix keypad no-autorepeat
0da0e880b8c7 ARM: dts: samsung: smdkv310: fix keypad no-autorepeat
f7f84721fd77 riscv: dts: starfive: Remove PMIC interrupt info for Visionfive 2 board
a95df6f04f2c ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
b0b47084f5d3 ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow
3093e586b019 ext4: Fixes len calculation in mpage_journal_page_buffers
3194771798ef drm/amdkfd: handle duplicate BOs in reserve_bo_and_cond_vms
58ce0788c75f sparc: move struct termio to asm/termios.h
5af198c38712 net: fix __dst_negative_advice() race
ea303a7af85b kdb: Use format-specifiers rather than memset() for padding in kdb_read()
e00ec562b0e0 kdb: Merge identical case statements in kdb_read()
958ba65a3590 kdb: Fix console handling when editing and tab-completing commands
d373d3c633dc kdb: Use format-strings rather than '\0' injection in kdb_read()
107e825cc448 kdb: Fix buffer overflow during tab-complete
4c09df400284 wifi: ath10k: fix QCOM_RPROC_COMMON dependency
f07224c16678 bonding: fix oops during rmmod
8b732150f2e3 watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin
766975238305 selftests/mm: fix build warnings on ppc64
0eb43c377af5 selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages
c55d3564ad25 mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL
2eeff6e36cd3 mm: /proc/pid/smaps_rollup: avoid skipping vma after getting mmap_lock again
cb3ea7684a43 mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid
f317e97da981 mm/cma: drop incorrect alignment check in cma_init_reserved_mem
3e64c37fe391 sparc64: Fix number of online CPUs
35c8cf7b8a71 rtla/timerlat: Fix histogram report when a cpu count is 0
bb5afc42c42c intel_th: pci: Add Meteor Lake-S CPU support
8f893e52b9e0 cpufreq: amd-pstate: Fix the inconsistency in max frequency units
b54d24eb4a67 tpm_tis: Do *not* flush uninitialized work
19e85d939001 kmsan: do not wipe out origin when doing partial unpoisoning
99ed145f4611 mm/ksm: fix ksm_zero_pages accounting
0a82b46a0172 mm/ksm: fix ksm_pages_scanned accounting
6c1791130b78 net/9p: fix uninit-value in p9_client_rpc()
400b8fb66c74 net/ipv6: Fix route deleting failure when metric equals 0
a19b2bc5d0c4 scsi: core: Handle devices which return an unusually large VPD page count
6d458d0dcca9 HID: i2c-hid: elan: fix reset suspend current leakage
90dd0592b3b0 i2c: acpi: Unbind mux adapters before delete
9ee7a77c150b iomap: fault in smaller chunks for non-large folio mappings
1f3988ca0d7a filemap: add helper mapping_max_folio_size()
be0ce3f6ffea mm: fix race between __split_huge_pmd_locked() and GUP-fast
2e083ef23431 kbuild: Remove support for Clang's ThinLTO caching
c2d443aa1ae3 crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
d14104360c27 crypto: ecrdsa - Fix module auto-load on add_key
cc3306fb04b1 crypto: ecdsa - Fix module auto-load on add-key
a68c0c55fa4c clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs
9562dbe5cdbb clk: bcm: rpi: Assign ->num before accessing ->hws
0dc913217fb7 clk: bcm: dvp: Assign ->num before accessing ->hws
ca6d6d872a8b LoongArch: Override higher address bits in JUMP_VIRT_ADDR
ae9e39a2fbf5 LoongArch: Add all CPUs enabled by fdt to NUMA node 0
93ca96f098f8 KVM: arm64: AArch32: Fix spurious trapping of conditional instructions
5bff951fedac KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
6660e152e5eb KVM: arm64: Fix AArch32 register narrowing on userspace write
f79edaf73709 KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked
bb430ea4ba31 Revert "drm/amdkfd: fix gfx_target_version for certain 11.0.3 devices"
7bc52dce0732 drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms
f0c5c944c6d8 9p: add missing locking around taking dentry fid list
4eff07025c84 drm/amdgpu/atomfirmware: add intergrated info v2.3 table
b8385ff814ca fbdev: savage: Handle err return when savagefb_check_var failed
bd2ad553f18c drm/fbdev-generic: Do not set physical framebuffer address
22d04790d656 mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on Asus T100TA
b5636348f324 mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A
e000578a3ad3 mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working
e236bb53fd6b mmc: sdhci-acpi: Sort DMI quirks alphabetically
d9ae0aa8ff8f mmc: sdhci: Add support for "Tuning Error" interrupts
c0a16ff432fe mmc: core: Add mmc_gpiod_set_cd_config() function
7590da4c04dd mmc: davinci: Don't strip remove function when driver is builtin
a80d1da923f6 media: v4l: async: Fix notifier list entry init
001b4825c93b media: v4l: async: Don't set notifier's V4L2 device if registering fails
87100b092462 media: v4l: async: Properly re-initialise notifier entry in unregister
dde33147c93a media: v4l2-core: hold videodev_lock until dev reg, finishes
3e7eeba0d345 media: mxl5xx: Move xpt structures off stack
77c4cd7e0b38 media: mc: mark the media devnode as registered from the, start
e80d9db99b7b media: mc: Fix graph walk in media_pipeline_start
2a24da4cf675 arm64: dts: ti: verdin-am62: Set memory size to 2gb
3f03a4a9e2f5 arm64: dts: hi3798cv200: fix the size of GICR
ea17c9aeb6c3 arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP
4c59282ad9d3 wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
50ebdaa25932 wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
96e544378e16 wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power
8539d0b03919 wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
7994e88dabcb wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command
cd2538e5af49 md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
f9e0a4ec4b5d arm64: dts: qcom: qcs404: fix bluetooth device address
49c23519d698 arm64: tegra: Correct Tegra132 I2C alias
17695c8d5049 ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
6a283d64b486 soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request
0a47ba94ec3d thermal/drivers/qcom/lmh: Check for SCM availability at probe
3d22872e7740 platform/chrome: cros_ec: Handle events during suspend after resume completion
0c08b92f9827 proc: Move fdinfo PTRACE_MODE_READ check into the inode .permission operation
d171c85d74c6 fsverity: use register_sysctl_init() to avoid kmemleak warning
c5a39f16436a ata: pata_legacy: make legacy_exit() work again
91d930732554 wifi: rtw89: correct aSIFSTime for 6GHz band
6479b9f41583 bcache: fix variable length array abuse in btree_iter
5b0a3dc3e878 drm/amdgpu: add error handle to avoid out-of-bounds
7d12e918f299 media: lgdt3306a: Add a check against null-pointer-def
be0155202e43 f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
2c66a89962a0 drm/sun4i: hdmi: Move mode_set into enable
8474d4b41617 drm/sun4i: hdmi: Convert encoder to atomic
68de50dc581c selftests: net: List helper scripts in TEST_FILES Makefile variable
d7e2ad42a056 selftests: net: included needed helper in the install targets
a38459118746 selftests/net: synchronize udpgro tests' tx and rx connection
461db4b51c29 vxlan: Fix regression when dropping packets due to invalid src addresses
417dbd7be383 mm: ratelimit stat flush from workingset shrinker
15cc248e7efa erofs: avoid allocating DEFLATE streams before mounting
184873af8791 mptcp: fix full TCP keep-alive support
89e11fe49fee mptcp: cleanup SOL_TCP handling
41089d9c8a45 mptcp: avoid some duplicate code in socket option handling
0af20700561e riscv: signal: handle syscall restart before get_signal
9399baa02e4b net: sfp-bus: fix SFP mode detect from bitrate
ed2d2ead1779 afs: Don't cross .backup mountpoint from backup volume
b8d50770ec03 mmc: core: Do not force a retune before RPMB switch
cfa73607eb21 drm/i915/hwmon: Get rid of devm
140cf97204b5 Linux 6.6.33
c273cae03895 riscv: stacktrace: fixed walk_stackframe()
3090c06d50ea riscv: prevent pt_regs corruption for secondary idle threads
af628d43a822 SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
c775ffab3e53 f2fs: use f2fs_{err,info}_ratelimited() for cleanup
4647876e7e4e f2fs: write missing last sum blk of file pinning section
98ed486436a0 perf sched timehist: Fix -g/--call-graph option failure
fdc455cd0204 drm/msm/dpu: make error messages at dpu_core_irq_register_callback() more sensible
2948c1e5d5f4 media: vsp1: Remove unbalanced .s_stream(0) calls
c353aa21f256 nouveau: report byte usage in VRAM usage.
d0afcca9ced4 RDMA/bnxt_re: Fix the sparse warnings
f33052802e3d perf evlist: Add perf_evlist__go_system_wide() helper
95e33c0f617b perf util: Add a function for replacing characters in a string
1a705491f35c platform/x86/intel-uncore-freq: Don't present root domain on error
31729546c144 platform/x86/intel/tpmi: Handle error from tpmi_process_info()
59f86a290838 genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
66c92af813bc KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID
d6873acc3e09 x86/pci: Skip early E820 check for ECAM region
9dce01f386c9 efi: libstub: only free priv.runtime_map when allocated
2a2f9b87c477 x86/efistub: Omit physical KASLR when memory reservations exist
2c95241ac5fc ALSA: timer: Set lower bound of start tick time
b7c4ef7ba313 ALSA: seq: ump: Fix swapped song position pointer data
e67cae4255e9 hwmon: (shtc1) Fix property misspelling
d800e1868f3d hwmon: (intel-m10-bmc-hwmon) Fix multiplier for N6000 board power sensor
e0216316828f drm/panel: sitronix-st7789v: fix display size for jt240mhqs_hwt_ek_e3 panel
042adfbfe8dc drm/panel: sitronix-st7789v: tweak timing for jt240mhqs_hwt_ek_e3 panel
442b5ee91a5e drm/panel: sitronix-st7789v: fix timing for jt240mhqs_hwt_ek_e3 panel
81c52c0ccc6a powerpc/pseries/lparcfg: drop error message from guest name lookup
5f1b01a8c8a5 ALSA: seq: Fix yet another spot for system message conversion
54213c09801e ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
659ef6fd4934 net: ena: Fix redundant device NUMA node override
26668c2d449d net: ena: Reduce lines with longer column width boundary
f826701d02f8 net: dsa: microchip: fix RGMII error in KSZ DSA driver
2c2e3247e898 spi: stm32: Don't warn about spurious interrupts
db9312853608 kheaders: use `command -v` to test for existence of `cpio`
0b01a41e2ce4 drm/i915/gt: Fix CCS id's calculation for CCS mode setting
d154613d2b3d drm/i915/guc: avoid FIELD_PREP warning
2b6e818fc609 kconfig: fix comparison to constant symbols, 'm', 'n'
b939d1e04a90 net/sched: taprio: extend minimum interval restriction to entire cycle too
aa311596411b net/sched: taprio: make q->picos_per_byte available to fill_sched_entry()
61134e41db23 netfilter: nft_fib: allow from forward/input without iif selector
570b4c52096e netfilter: tproxy: bail out if IP has been disabled on the device
c4f77480e569 netfilter: nft_payload: skbuff vlan metadata mangle support
75bc6bc559b9 net: ti: icssg-prueth: Fix start counter for ft1 filter
4448b5eaab86 ALSA: seq: Don't clear bank selection at event -> UMP MIDI2 conversion
5c3df8c4f45b ALSA: seq: Fix missing bank setup between MIDI1/MIDI2 UMP conversion
562f8862baea selftests: mptcp: join: mark 'fail' tests as flaky
99ac814eb13f selftests: mptcp: add ms units for tc-netem delay
052c9f0c140c selftests: mptcp: simult flows: mark 'unbalanced' tests as flaky
71e61511c3a5 ice: fix accounting if a VLAN already exists
98101ca23a35 net: micrel: Fix lan8841_config_intr after getting out of sleep mode
f0c58df7719f net:fec: Add fec_enet_deinit()
000a65bf1dc0 bpf: Allow delete from sockmap/sockhash only if update is allowed
5da6d51d4837 ASoC: cs42l43: Only restrict 44.1kHz for the ASP
ec361a0ffc33 net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
208d04341c8f Octeontx2-pf: Free send queue buffers incase of leaf to inner
ac325c7f8944 af_unix: Read sk->sk_hash under bindlock during bind().
302fe8dd147b af_unix: Annotate data-race around unix_sk(sk)->addr.
f6638e955ca0 enic: Validate length of nl attributes in enic_set_vf_port
07bbe6668e1e ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
cb9c2bd4ec8c ALSA: core: Remove debugfs at disconnection
b26e0fa2cf8c ALSA: jack: Use guard() for locking
f58eec14685a bpf: Fix potential integer overflow in resolve_btfids
a4ee78244445 dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
de1a0a2d9db8 net/mlx5e: Fix UDP GSO for encapsulated packets
33933f006d2e net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion
aa60de63fdd1 net/mlx5e: Fix IPsec tunnel mode offload feature check
b0a15cde37a8 net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules
fb035aa9a3f8 net/mlx5: Fix MTMP register capability offset in MCAM register
e5bdf4eeeb1d net/mlx5: Lag, do bond only if slaves agree on roce state
07327fcbec97 net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061
dedc1dfaa6df drm/amd/display: Enable colorspace property for MST connectors
ca3b4293dcca nvmet: fix ns enable/disable possible hang
36989c682505 nvme-multipath: fix io accounting on failover
87d78f7eb76b nvme-tcp: add definitions for TLS cipher suites
5a91116b0031 dma-mapping: benchmark: handle NUMA_NO_NODE correctly
34a816d8735f dma-mapping: benchmark: fix node id validation
856dc7eb7fbc dma-mapping: benchmark: fix up kthread-related error handling
a9da6ddaef9e kthread: add kthread_stop_put
1b5234b2241a spi: Don't mark message DMA mapped when no transfer in it is
0889e6f20986 netfilter: nft_payload: restore vlan q-in-q match support
5278e4354a5b netfilter: ipset: Add list flush to cancel_gc
8f365564af89 netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
1547183852dc tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
ad4b202da2c4 tracing/probes: fix error check in parse_btf_field()
c3e439cb04cf kasan, fortify: properly rename memintrinsics
d346e1475703 ice: Interpret .set_channels() input differently
e155741ec4f5 drivers/xen: Improve the late XenStore init protocol
46e72ebc6b35 nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
87bdc9f6f58b net: relax socket state check at accept time.
ab67c2fd3d07 tls: fix missing memory barrier in tls_init
d470a8090476 net: fec: avoid lock evasion when reading pps_enable
11f1fb814994 Revert "ixgbe: Manual AN-37 for troublesome link partners for X550 SFI"
20da5bfd669b i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame
3dc730aa1b1e i3c: master: svc: return actual transfer data len
46fb7121fc42 i3c: master: svc: rename read_len as actual_len
fe52ab31f050 i3c: add actual_len in i3c_priv_xfer
04207a9c64e0 virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
7871f32b4564 net: lan966x: Remove ptp traps in case the ptp is not enabled.
c5caa03d86a7 rv: Update rv_en(dis)able_monitor doc to match kernel-doc
9f2ad88f9b34 arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
69c47b3763af openvswitch: Set the skbuff pkt_type for proper pmtud support.
ae08aea3f517 pNFS/filelayout: fixup pNfs allocation modes
02261d3f9dc7 tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
ef633ecb5452 regulator: tps6594-regulator: Correct multi-phase configuration
0e44d6cbe8de ipv6: sr: fix memleak in seg6_hmac_init_algo
d59ae9314b97 af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
35db7c9d01d9 regulator: tps6287x: Force writing VSEL bit
f46695d3b08e regulator: pickable ranges: don't always cache vsel
706dff4ff7a4 rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
f3a8f8670fa6 sunrpc: fix NFSACL RPC retry on soft mount
511811a7d39c nfs: keep server info for remounts
0d317bcf81a1 NFSv4: Fixup smatch warning for ambiguous return
57847c2ec5fb ASoC: tas2781: Fix wrong loading calibrated data sequence
92503b5caab6 ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
e53a7f8afcbd nfc: nci: Fix uninit-value in nci_rx_work
f354dc8c7d32 selftests: net: kill smcrouted in the cleanup logic in amt.sh
f4df8c7670a7 ipv6: sr: fix missing sk_buff release in seg6_input_core
521d21fa65cb net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled
1d95dbaa6ee7 x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y
3a487e3cab05 perf/arm-dmc620: Fix lockdep assert in ->event_init()
01f5809c78e6 xen/x86: add extra pages to unpopulated-alloc if available
d08e87998339 regulator: bd71828: Don't overwrite runtime voltages
b1bee9931287 blk-cgroup: Properly propagate the iostat update up the hierarchy
714e59b5456e blk-cgroup: fix list corruption from reorder of WRITE ->lqueued
d4a60298ac34 blk-cgroup: fix list corruption from resetting io stat
3652ac87c993 drm/nouveau: use tile_mode and pte_kind for VM_BIND bo allocations
6446c1ca2dd2 nouveau: add an ioctl to report vram usage
929eaf32dde4 nouveau: add an ioctl to return vram bar size.
38c2fd9aeddc ASoC: mediatek: mt8192: fix register configuration for tdm
9054c474f9c2 ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance
f95fde17ed53 ALSA: hda: cs35l56: Initialize all ASP1 registers
3fd715d61716 ASoC: cs35l56: Fix to ensure ASP1 registers match cache
6e359be49750 ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
1b5cfb411b73 null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
2d062f7468c8 ASoC: tas2781: Fix a warning reported by robot kernel test
a1955a6df913 drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails
2a09eb7e36cc selftests/powerpc/dexcr: Add -no-pie to hashchk tests
6ead3eccf67b drm: zynqmp_dpsub: Always register bridge
f33888b9b686 Revert "drm/bridge: ti-sn65dsi83: Fix enable error path"
89af84e6514a media: cec: core: avoid confusing "transmit timed out" message
1af4790bc117 media: cec: core: avoid recursive cec_claim_log_addrs
cceda163b711 media: cec: cec-api: add locking in cec_release()
8f40b92f5480 media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
75aafce64a3a media: sunxi: a83-mips-csi2: also select GENERIC_PHY
24b9362c9fa5 cxl/region: Fix cxlr_pmem leaks
d5ac654babea cxl/trace: Correct DPA field masks for general_media & dram events
8a328396a5fb um: Fix the declaration of kasan_map_memory
a5cd85608738 um: Fix the -Wmissing-prototypes warning for get_thread_reg
59e34e390cfd um: Fix the -Wmissing-prototypes warning for __switch_mm
adb1c558c610 powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
3d50e4cef2e6 media: flexcop-usb: fix sanity check of bNumEndpoints
408facc7965e platform/x86: thinkpad_acpi: Take hotkey_mutex during hotkey_exit()
ec653f4474d7 tools/arch/x86/intel_sdsi: Fix meter_certificate decoding
8af4923b045b tools/arch/x86/intel_sdsi: Fix meter_show display
42adfac5d2c7 tools/arch/x86/intel_sdsi: Fix maximum meter bundle length
c73d3273272b media: mediatek: vcodec: fix possible unbalanced PM counter
f29a42642069 media: mediatek: vcodec: add encoder power management helper functions
19bd9537b6bc drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()
bdd5bbe96782 drm/amdgpu: init microcode chip name from ip versions
a4c638ab2578 Input: cyapa - add missing input core locking to suspend/resume functions
d410017a7181 media: stk1160: fix bounds checking in stk1160_copy_video()
3fe7b95312b3 drm/bridge: tc358775: fix support for jeida-18 and jeida-24
873f67699114 drm/msm/dpu: Add callback function pointer check before its call
04c2fca45506 drm/msm/dpu: stop using raw IRQ indices in the kernel output
3bbe257c466f drm/msm/dpu: make the irq table size static
a70ce2bb1d46 drm/msm/dpu: add helper to get IRQ-related data
186a82662d13 drm/msm/dpu: extract dpu_core_irq_is_valid() helper
50cf1608f184 drm/msm/dpu: remove irq_idx argument from IRQ callbacks
1fe1c9dc21ee fs/ntfs3: Use variable length array instead of fixed size
109d85a98345 fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow
6c8054d59066 fs/ntfs3: Check 'folio' pointer for NULL
92ce7359f988 um: vector: fix bpfflash parameter evaluation
434a06c38ee1 um: Add winch to winch_handlers before registering winch IRQ
e98f29bf0b5f um: Fix return value in ubd_init()
900d54bced61 drm/meson: gate px_clk when setting rate
22432baba48a drm/mediatek: dp: Fix mtk_dp_aux_transfer return value
3f388ca6a434 drm/msm/dpu: Always flush the slave INTF on the CTL
01d8692b0c34 drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk
755575a42c4f media: ov2680: Do not fail if data-lanes property is absent
08754dd758d5 media: ov2680: Allow probing if link-frequencies is absent
a7e0a70ac6d3 media: ov2680: Clear the 'ret' variable on success
9a496f7d1828 media: v4l: Don't turn on privacy LED if streamon fails
35556d0e1c61 media: v4l2-subdev: Document and enforce .s_stream() requirements
4031c57f024a Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
063d89156f2d mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
2b8d2a6e5363 mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
3433a340630e mmc: sdhci_am654: Add OTAP/ITAP delay enable
3525baf3a929 mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
fa9a2c696ad1 mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
57205cf9c18a mmc: sdhci_am654: Add tuning algorithm for delay chain
b003b8c15cbb Input: ims-pcu - fix printf string overflow
69f245b86cef dt-bindings: adc: axi-adc: add clocks property
a291998f8a09 dt-bindings: adc: axi-adc: update bindings for backend framework
51a2049a2c08 eventfs: Have "events" directory get permissions from its parent
281eaee393c7 eventfs: Free all of the eventfs_inode after RCU
14aa4f3efc6e eventfs/tracing: Add callback for release of an eventfs_inode
e5c80b23523b eventfs: Create eventfs_root_inode to store dentry
11244a432850 serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler
f0eb53ffd8d9 serial: sc16is7xx: replace hardcoded divisor value with BIT() macro
c6fecd07435f misc/pvpanic-pci: register attributes via pci_driver
e9194a954c44 misc/pvpanic: deduplicate common code
f68f3e3f5c9c iio: accel: mxc4005: Reset chip on probe() and resume()
43424f70535b iio: accel: mxc4005: allow module autoloading via OF compatible
e26405d5b266 eventfs: Do not differentiate the toplevel events directory
64a9a930afe9 drm/amd/display: Revert Remove pixle rate limit for subvp
242f11be47ab drm/amd/display: Remove pixle rate limit for subvp
cb9f455e27ed gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match
b3b8ba37529c dt-bindings: PCI: rockchip,rk3399-pcie: Add missing maxItems to ep-gpios
916cf5d6ae97 s390/boot: Remove alt_stfle_fac_list from decompressor
2102692eb23f s390/ipl: Fix incorrect initialization of nvme dump block
b34ea5b97561 s390/ipl: Fix incorrect initialization of len fields in nvme reipl block
2028823f1d71 s390/vdso: Use standard stack frame layout
0e035cb818c5 s390/vdso: Create .build-id links for unstripped vdso files
07423c9b4375 kbuild: fix build ID symlinks to installed debug VDSO files
adacfc6dec4c kbuild: unify vdso_install rules
a422869153dd s390/vdso: Generate unwind information for C modules
6bd72dd0f70c s390/vdso64: filter out munaligned-symbols flag for vdso
379ec9d95c89 LoongArch: Fix callchain parse error with kernel tracepoint events again
5af155f9b168 perf pmu: Count sys and cpuid JSON events separately
4ac93db3dd4d perf pmu: Assume sysfs events are always the same case
930e16ac95b0 perf tools: Add/use PMU reverse lookup from config to name
923b83bc8692 perf tools: Use pmus to describe type from attribute
c5aaeae250d3 perf pmu: "Compat" supports regular expression matching identifiers
f989dc009070 perf pmu: Move pmu__find_core_pmu() to pmus.c
d37e53e8c826 perf test: Add a test for strcmp_cpuid_str() expression
a46c6144117a perf stat: Don't display metric header for non-leader uncore events
7723485af6de usb: fotg210: Add missing kernel doc description
f0cdc3e248e3 f2fs: fix to add missing iput() in gc_data_segment()
1003d16ea271 perf daemon: Fix file leak in daemon_session__control
c546fef47cd5 libsubcmd: Fix parse-options memory leak
70d6dca40318 serial: sh-sci: protect invalidating RXDMA on shutdown
9f9341064a9b f2fs: compress: don't allow unaligned truncation on released compress inode
8d2fc8ae670a f2fs: fix to release node block count in error path of f2fs_new_node_page()
329edb7c9e3b f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
81c975902b15 f2fs: compress: fix error path of inc_valid_block_count()
b8a742a8bd6d f2fs: introduce get_available_block_count() for cleanup
5f8e5a096e2b f2fs: deprecate io_bits
92b24f04d3e5 f2fs: compress: fix to update i_compr_blocks correctly
9ec45f857a01 perf symbols: Fix ownership of string in dso__load_vmlinux()
c3cc46563103 perf maps: Move symbol maps functions to maps.c
c5314cfa9287 perf thread: Fixes to thread__new() related to initializing comm
9029a775f0d7 perf report: Avoid SEGV in report__setup_sample_type()
e50576c7e61f perf ui browser: Avoid SEGV on title
6902179a415a f2fs: fix block migration when section is not aligned to pow2
40d76c393cca f2fs: support file pinning for zoned devices
066cec37094d f2fs: kill heap-based allocation
61330214b227 f2fs: separate f2fs_gc_range() to use GC for a range
f0248ba6b640 f2fs: use BLKS_PER_SEG, BLKS_PER_SEC, and SEGS_PER_SEC
42d48304f64e f2fs: support printk_ratelimited() in f2fs_printk()
6496d63a1641 f2fs: Clean up errors in segment.h
e02a267a69aa PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
84ae90ba37c1 PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
787b7ddf434f dt-bindings: spmi: hisilicon,hisi-spmi-controller: fix binding references
913a00ec6b09 extcon: max8997: select IRQ_DOMAIN instead of depending on it
a8860002cae5 perf ui browser: Don't save pointer to stack memory
88b88dd7d8c2 perf bench internals inject-build-id: Fix trap divide when collecting just one DSO
cd99864e1f7f i2c: synquacer: Fix an error handling path in synquacer_i2c_probe()
bb220136ae51 i2c: cadence: Avoid fifo clear after start
ec3468221efe ppdev: Add an error check in register_device
b596340b8552 ppdev: Remove usage of the deprecated ida_simple_xx() API
370c480410f6 stm class: Fix a double free in stm_register_device()
4e125b96e333 usb: gadget: u_audio: Clear uac pointer when freed.
453d3fa9266e usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
9eb15f24a0b9 dmaengine: idxd: Avoid unnecessary destruction of file_ida
4ef5468e84d5 dt-bindings: phy: qcom,usb-snps-femto-v2: use correct fallback for sc8180x
6357221b68e0 dt-bindings: phy: qcom,sc8280xp-qmp-ufs-phy: fix msm899[68] power-domains
dc14f0a2c61b watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe()
d47f51eb1fc3 watchdog: bd9576: Drop "always-running" property
9b1c063ffc07 watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
cd283810f6ae pinctrl: qcom: pinctrl-sm7150: Fix sdc1 and ufs special pins regs
dedf17b3af39 dt-bindings: pinctrl: mediatek: mt7622: fix array properties
6954ae017718 VMCI: Fix an error handling path in vmci_guest_probe_device()
b5f31d1470c4 PCI: of_property: Return error for int_map allocation failure
97ba21401b89 ovl: remove upper umask handling from ovl_create_upper()
034968dbd867 leds: pwm: Disable PWM when going to suspend
a10c3d5ff9a3 pwm: Rename pwm_apply_state() to pwm_apply_might_sleep()
6bb1efff9b17 perf intel-pt: Fix unassigned instruction op (discovered by MemorySanitizer)
0053891e2f4f PCI: Wait for Link Training==0 before starting Link retrain
65ce3fad7d59 microblaze: Remove early printk call from cpuinfo-static.c
6240bd8981c6 microblaze: Remove gcc flag for non existing early_printk.c file
a758e99cd644 udf: Convert udf_expand_file_adinicb() to use a folio
7745b1b785aa udf: Remove GFP_NOFS allocation in udf_expand_file_adinicb()
4d7d12b643c0 fpga: region: add owner module and take its refcount
0bd22a4966d5 vfio/pci: fix potential memory leak in vfio_intx_enable()
e642622550c8 i915: make inject_virtual_interrupt() void
bb6f7de21d4c coresight: etm4x: Fix access to resource selector registers
3840a3f37a67 coresight: etm4x: Safe access for TRCQCLTR
0c575997dee0 coresight: etm4x: Do not save/restore Data trace control registers
42f016cd8593 coresight: etm4x: Do not hardcode IOMEM access for register restore
720d27664d7c iio: adc: adi-axi-adc: only error out in major version mismatch
d3513f1261a0 iio: adc: adi-axi-adc: move to backend framework
184b2967d578 iio: adc: ad9467: convert to backend framework
5fc4f0c01cb2 iio: add the IIO backend framework
e1fc56c40068 iio: buffer-dmaengine: export buffer alloc and free functions
b70042e4dc7f iio: adc: adi-axi-adc: convert to regmap
864b42f8b3f3 iio: adc: ad9467: use chip_info variables instead of array
a679a40bd2ec iio: adc: ad9467: use spi_get_device_match_data()
08f5bd2032c0 iio: pressure: dps310: support negative temperature values
d3ced099f31d perf test shell arm_coresight: Increase buffer size for Coresight basic tests
e61cb35f56f9 perf docs: Document bpf event modifier
0688c4f7c5e8 coresight: etm4x: Fix unbalanced pm_runtime_enable()
1083681ea208 riscv: dts: starfive: visionfive 2: Remove non-existing TDM hardware
1145fda91f70 iio: adc: stm32: Fixing err code to not indicate success
f84122681853 f2fs: fix to check pinfile flag in f2fs_move_file_range()
5632bdb4e9be f2fs: fix to relocate check condition in f2fs_fallocate()
116d824f953a f2fs: compress: fix to relocate check condition in f2fs_ioc_{,de}compress_file()
1d59aa23a3fa f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()
ff9504c045b5 perf bench uprobe: Remove lib64 from libc.so.6 binary path
f56632928a6d dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties
479e4daae636 dt-bindings: PCI: rcar-pci-host: Add optional regulators
829afc132f63 perf record: Fix debug message placement for test consumption
aa4158e31612 perf record: Move setting tracking events before record__init_thread_masks()
e024e98e81f9 perf evlist: Add evlist__findnew_tracking_event() helper
28a50a15d1b8 perf tests: Apply attributes to all events in object code reading test
fca6659b4edc perf tests: Make "test data symbol" more robust on Neoverse N1
bf386f268b29 arm64: dts: meson: fix S4 power-controller node
e21a398d22e6 interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment
28f5a08600d0 module: don't ignore sysfs_create_link() failures
3431d265eab2 serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
967cb01d0a80 PCI: tegra194: Fix probe path for Endpoint mode
46c6fc133dc1 greybus: arche-ctrl: move device table to its right location
749603af8faa serial: max3100: Fix bitwise types
e8a10089eddb serial: max3100: Update uart_driver_registered on driver removal
93df2fba6c7d serial: max3100: Lock port->lock when calling uart_handle_cts_change()
73c6ddb499bb perf annotate: Fix annotation_calc_lines() to pass correct address to get_srcline()
80e06e547d42 perf annotate: Use global annotation_options
1157abdc2e03 perf top: Convert to the global annotation_options
e0af85d60b7a perf report: Convert to the global annotation_options
dfd02119aef9 perf annotate: Introduce global annotation_options
260de04387c0 perf annotate: Split branch stack cycles information out of 'struct annotation_line'
4ddf437cae2c perf machine thread: Remove exited threads by default
7adc363bc29e perf record: Lazy load kernel symbols
1f428149492f firmware: dmi-id: add a release callback function
59767d1e3019 dmaengine: idma64: Add check for dma_set_max_seg_size
7eeef1e935d2 soundwire: cadence: fix invalid PDI offset
6ee4ad5dfb15 perf stat: Do not fail on metrics on s390 z/VM systems
32f615e0a580 usb: typec: ucsi: simplify partner's PD caps registration
ad864c123b7a usb: typec: ucsi: always register a link to USB PD device
1ec229afd45c perf annotate: Get rid of duplicate --group option item
30dc493b8195 counter: linux/counter.h: fix Excess kernel-doc description warning
d7c4081c54a1 fpga: bridge: add owner module and take its refcount
2da62a139a62 fpga: manager: add owner module and take its refcount
4b3609e6c805 f2fs: fix to wait on page writeback in __clone_blkaddrs()
2b2611a42462 f2fs: multidev: fix to recognize valid zero block address
ac12df6b9729 phy: qcom: qmp-combo: fix duplicate return in qmp_v4_configure_dp_phy
518e2c46b5db greybus: lights: check return of get_channel_from_mode
fe92a949b264 iio: core: Leave private pointer NULL when no private data supplied
5c53a28ab253 perf probe: Add missing libgen.h header needed for using basename()
834e603dbe28 perf record: Delete session after stopping sideband thread
2f593fd9d3cc net: wangxun: fix to change Rx features
941e1c6d8683 sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write()
4d9d099ab291 sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
ee3577c5d33c af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
f28bdc2ee5d9 netrom: fix possible dead-lock in nr_rt_ioctl()
57fa96c04ef9 net: qrtr: ns: Fix module refcnt
4488617e5e99 net: bridge: mst: fix vlan use-after-free
76282afa17e9 selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval
1abb37114790 net: bridge: xmit: make sure we have at least eth header len bytes
00ea83bfb496 modules: Drop the .export_symbol section from the final modules
4aa2d5fd7ee0 tracing/user_events: Fix non-spaced field matching
4c40e1b76e6e tracing/user_events: Prepare find/delete for same name events
2fc3d0ac097b tracing/user_events: Allow events to persist for perfmon_capable users
3eb127dc408b RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw
e011ea687f2f RDMA/IPoIB: Fix format truncation compilation errors
382494aa8881 selftests/kcmp: remove unused open mode
c1d8c429e4d2 SUNRPC: Fix gss_free_in_token_pages()
a658f011d89d bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
29feea56dedf RDMA/bnxt_re: Adds MSN table capability for Gen P7 adapters
9a54460b3394 RDMA/bnxt_re: Update the HW interface definitions
e300b1b95c93 RDMA/bnxt_re: Remove roundup_pow_of_two depth for all hardware queue resources
f52e649e933a RDMA/bnxt_re: Refactor the queue index update
0b0d5701a8bf of: module: add buffer overflow check in of_modalias()
370a86dc97ef ext4: remove the redundant folio_wait_stable()
07fa88b0f340 ext4: fix potential unnitialized variable
f4fb561d52e1 sunrpc: removed redundant procp check
e873f36ec890 drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
d5c75ededb2d virt: acrn: stop using follow_pfn
c7cca4c61f44 ext4: avoid excessive credit estimate in ext4_tmpfile()
caaee1b858c2 x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS
3d22be008bd1 x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
6973cb78f0ca clk: qcom: mmcc-msm8998: fix venus clock issue
631c54f07d78 clk: qcom: dispcc-sm8550: fix DisplayPort clocks
e91d89de5e71 clk: qcom: dispcc-sm6350: fix DisplayPort clocks
7ef714778dd0 clk: qcom: dispcc-sm8450: fix DisplayPort clocks
65e528a69cb3 lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
6d06fc4edfb0 clk: renesas: r9a07g043: Add clock and reset entry for PLIC
6c7455605a30 clk: renesas: r8a779a0: Fix CANFD parent clock
8696be3a5f66 IB/mlx5: Use __iowrite64_copy() for write combining stores
03ff3e23adca RDMA/rxe: Fix incorrect rxe_put in error path
13c7bb72d372 RDMA/rxe: Allow good work requests to be executed
21b4c6d4d890 RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
63cbb3e7044f clk: qcom: clk-alpha-pll: remove invalid Stromer register offset
1a91f05ca280 clk: rs9: fix wrong default value for clock amplitude
dd4b239184ee clk: mediatek: mt8365-mm: fix DPI0 parent
6f541a89ced8 RDMA/hns: Modify the print level of CQE error
571f79eb1aae RDMA/hns: Use complete parentheses in macros
b7f2f6d227ce RDMA/hns: Fix GMV table pagesize
63da190eeb5c RDMA/hns: Fix UAF for cq async event
22c915af31bd RDMA/hns: Fix deadlock on SRQ async events.
db415a39ffdb RDMA/hns: Fix return value in hns_roce_map_mr_sg
6b4f69399291 iommu: Undo pasid attachment only for the devices that have succeeded
888b03fcd122 clk: mediatek: pllfh: Don't log error for missing fhctl node
499569c8ab7f RDMA/mlx5: Adding remote atomic access flag to updatable flags
5880d8ca57d5 RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent
73c5f64cfa85 clk: samsung: exynosautov9: fix wrong pll clock id value
205b6dd5b799 media: cadence: csi2rx: configure DPHY before starting source stream
6040fcea4605 drm/edid: Parse topology block for all DispID structure v1.x
b4c508666981 drm/rockchip: vop2: Do not divide height twice for YUV
4b3421c2f6f8 media: uvcvideo: Add quirk for Logitech Rally Bar
dda6efae161d drm/mipi-dsi: use correct return type for the DSC functions
04b001fa8b79 drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
bd4fb19e33c8 drm/bridge: anx7625: Update audio status while detecting
587acea97512 drm/panel: novatek-nt35950: Don't log an error when DSI host can't be found
7962ae5aadd5 drm/bridge: dpc3433: Don't log an error when DSI host can't be found
52334bb44f10 drm/bridge: tc358775: Don't log an error when DSI host can't be found
30cb32c7ec5e drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found
ae2ac0aef901 drm/bridge: lt9611: Don't log an error when DSI host can't be found
95b5eba76efe drm/bridge: lt8912b: Don't log an error when DSI host can't be found
95f959193c32 drm/bridge: icn6211: Don't log an error when DSI host can't be found
4486576578db drm/bridge: anx7625: Don't log an error when DSI host can't be found
656fb206aee2 ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
42c22b63056c drm: vc4: Fix possible null pointer dereference
335cc45ef2b8 drm/arm/malidp: fix a possible null pointer dereference
cc20c87b04db media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries
1cc6b956ad36 fbdev: sh7760fb: allow modular build
983e91ad759e media: v4l2-subdev: Fix stream handling for crop API
c1a3803e5bb9 media: i2c: et8ek8: Don't strip remove function when driver is builtin
dd271f136601 media: dt-bindings: ovti,ov2680: Fix the power supply names
db572c397399 media: ipu3-cio2: Request IRQ earlier
525be5dc8ee0 drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected
554484e46383 drm/msm/dp: allow voltage swing / pre emphasis of 3
dcf53e6103b2 drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
0f070f0c3b54 media: radio-shark2: Avoid led_names truncations
d8076c9e02bb media: rcar-vin: work around -Wenum-compare-conditional warning
f987b53c28eb media: ngene: Add dvb_ca_en50221_init return value check
750e384b9b7b ASoC: Intel: avs: Test result of avs_get_module_entry()
a1780d8a7c26 ASoC: Intel: avs: Fix potential integer overflow
7976b78631ee ASoC: Intel: avs: Fix ASRC module initialization
c81b6d64962a selftests: cgroup: skip test_cgcore_lesser_ns_open when cgroup2 mounted without nsdelegate
be84945440c9 fbdev: sisfb: hide unused variables
28049d5a74a8 ASoC: SOF: Intel: mtl: Implement firmware boot state check
f0bf72d1b49e ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed
02be4ce0d0be ASoC: SOF: Intel: mtl: call dsp dump when boot retry fails
6bdadbee34d9 ASoC: SOF: Intel: lnl: Correct rom_status_reg
8aeb3dc8b3cd ASoC: SOF: Intel: mtl: Correct rom_status_reg
368017b1bff7 ASoC: SOF: Intel: pci-mtl: fix ARL-S definitions
1ef8f0b414ce ASoC: SOF: Intel: pci-mtl: use ARL specific firmware definitions
46c15b7130fe ASoC: Intel: common: add ACPI matching tables for Arrow Lake
f0b4617d80c3 powerpc/fsl-soc: hide unused const variable
af26ea99019c drm/mediatek: Add 0 size check to mtk_drm_gem_obj
d5689998a093 drm/meson: vclk: fix calculation of 59.94 fractional rates
1a7254525ca7 ASoC: kirkwood: Fix potential NULL dereference
4a1dc9721275 fbdev: shmobile: fix snprintf truncation
87b8dca6e06f ASoC: mediatek: Assign dummy when codec not specified for a DAI link
9ceb5bd746e1 mtd: rawnand: hynix: fixed typo
adbd5da08ec6 mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add()
a6498eac492b ASoC: Intel: avs: ssm4567: Do not ignore route checks
48f3fe137323 ASoC: Intel: Disable route checks for Skylake boards
4e8c8b37ee84 drm/amd/display: Fix potential index out of bounds in color transformation function
859da9472b4f drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't assert
9429b12dfcbd drm/dp: Don't attempt AUX transfers when eDP panels are not powered
e71399aa6ce1 drm/lcdif: Do not disable clocks on already suspended hardware
fc49f4d1a15f dev_printk: Add and use dev_no_printk()
34d80802cb8e printk: Let no_printk() use _printk()
5fdc39e02494 drm/omapdrm: Fix console with deferred ops
c00e8fd74950 fbdev: Provide I/O-memory helpers as module
e79f933ad162 drm/omapdrm: Fix console by implementing fb_dirty
ec1723175a5f drm/ci: update device type for volteer devices
aa03f049d453 drm/ci: add subset-1-gfx to LAVA_TAGS and adjust shards
101bbe559da5 drm/ci: uprev mesa version: fix container build & crosvm
45755ef11f03 drm/bridge: Fix improper bridge init order with pre_enable_prev_first
5af2e235b0d5 Bluetooth: HCI: Remove HCI_AMP support
75d7ac5e225e Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS
0a8af30a8672 Bluetooth: Remove usage of the deprecated ida_simple_xx() API
f03d3322a785 Bluetooth: ISO: Fix BIS cleanup
dfde465d8907 Bluetooth: qca: Fix error code in qca_read_fw_build_info()
e231034377bc Bluetooth: compute LE flow credits based on recvbuf space
3ddf170e4a60 net: micrel: Fix receiving the timestamp in the frame for lan8841
5f9d2dcf7130 mptcp: SO_KEEPALIVE: fix getsockopt support
d38625f71950 net: fec: remove .ndo_poll_controller to avoid deadlocks
965d940fb741 ax25: Fix reference count leak issue of net_device
38eb01edfdaa ax25: Fix reference count leak issues of ax25_dev
39da6f09e110 ax25: Use kernel universal linked list to implement ax25_dev_list
a1bf04458311 riscv, bpf: make some atomic operations fully ordered
46f17e7d4fb5 s390/bpf: Emit a barrier for BPF_FETCH instructions
1337ec94bc5a net/mlx5: Discard command completions in internal error
f9caccdd42e9 net/mlx5: Add a timeout to acquire the command queue semaphore
e93fc8d959e5 net/mlx5: Reload only IB representors upon lag disable/enable
66a5f6e09c63 net/mlx5: Enable 4 ports multiport E-switch
3398a40dccb8 ipv6: sr: fix invalid unregister error path
6c6b74edc911 ipv6: sr: fix incorrect unregister order
58fd673b0532 ipv6: sr: add missing seg6_local_exit
78741b4caae1 net: openvswitch: fix overwriting ct original tuple for ICMPv6
108ec8bf6483 net: usb: smsc95xx: stop lying about skb->truesize
0688d4e499be af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
8f6f82d6a205 net: ethernet: cortina: Locking fixes
1ebaa96f97cd selftests: net: move amt to socat for better compatibility
9d601b81f1fc selftests: net: add missing config for amt.sh
229d4a32b53e selftests: net: add more missing kernel config
5de5aeb98f9a eth: sungem: remove .ndo_poll_controller to avoid deadlocks
11dd90c11ad0 net: ipv6: fix wrong start position when receive hop-by-hop fragment
68d38724cf53 m68k: mac: Fix reboot hang on Mac IIci
f3baf0f4f92a m68k: Fix spinlock race in kernel thread creation
979d764ebdcd net: usb: sr9700: stop lying about skb->truesize
80cb2f61a613 usb: aqc111: stop lying about skb->truesize
18f59aab33bc HID: amd_sfh: Handle "no sensors" in PM operations
9d08e7fd44ca wifi: mwl8k: initialize cmd->addr[] properly
db9214833e58 x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks()
4c62c6c8a006 kernel/numa.c: Move logging out of numa.h
0d5cfcede0c9 scsi: qla2xxx: Fix debugfs output for fw_resource_count
563e60927592 scsi: qedf: Ensure the copied buf is NUL terminated
204714e68015 scsi: bfa: Ensure the copied buf is NUL terminated
5386f6734dbc HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
c3ae972a22f2 selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect
1ec7ccb4cd4b kunit: Fix kthread reference
2d43d30aafb8 selftests: default to host arch for LLVM builds
381079197e80 selftests/resctrl: fix clang build failure: use LOCAL_HDRS
3af6ed233a60 selftests/binderfs: use the Makefile's rules, not Make's implicit rules
ed74398642fc wifi: nl80211: Avoid address calculations via out of bounds array indexing
166c9d2eef74 libbpf: Fix error message in attach_kprobe_multi
35e001ce8492 wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset
bdd2255fcfe5 wifi: mt76: mt7603: fix tx queue of loopback packets
1f29d8571fa1 Revert "sh: Handle calling csum_partial with misaligned data"
78a12934b721 sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
6675c541f540 bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE
b33a81e4ecfb wifi: ar5523: enable proper endpoint verification
39f8a29330f4 bpf: Fix verifier assumptions about socket->sk
62eb07923f36 wifi: carl9170: add a proper sanity check for endpoints
d43a8c7ec084 macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
7a44f4944b05 net: give more chances to rcu in netdev_wait_allrefs_any()
a7678a16c25b drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()
be1fa711e59c drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
8e9aab249217 drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
a80814fe9181 pwm: sti: Simplify probe function using devm functions
cedd7e536935 pwm: sti: Prepare removing pwm_chip from driver data
00bb933578ac tcp: avoid premature drops in tcp_add_backlog()
a47027919d69 net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches
d1e3dc19d50f net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers
d0e874a34863 wifi: ath10k: populate board data for WCN3990
abd2e7118519 cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations
e1dcff6e299f scsi: ufs: core: mcq: Fix ufshcd_mcq_sqe_search()
51929a8db813 selftests/bpf: Fix a fd leak in error paths in open_netns
e19681ae6cf9 gfs2: do_xmote fixes
b68b9dd723db gfs2: finish_xmote cleanup
d6b412c510ac gfs2: Rename gfs2_withdrawn to gfs2_withdrawing_or_withdrawn
7c2bc932b60d gfs2: Mark withdraws as unlikely
0636b34b4458 gfs2: Fix potential glock use-after-free on unmount
18dfb29644a4 gfs2: Remove ill-placed consistency check
d312fbf6a24e gfs2: No longer use 'extern' in function declarations
0db3b4e50241 gfs2: Rename gfs2_lookup_{ simple => meta }
9db1bdd71441 gfs2: Convert gfs2_internal_read to folios
d92445b23932 gfs2: Get rid of gfs2_alloc_blocks generation parameter
09f8c676e4b4 wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger()
55c54269fbd3 dt-bindings: thermal: loongson,ls2k-thermal: Fix incorrect compatible definition
5b996de139b3 dt-bindings: thermal: loongson,ls2k-thermal: Add Loongson-2K0500 compatible
27cacfc0818f dt-bindings: thermal: loongson,ls2k-thermal: Fix binding check issues
2d5ca6e4a287 thermal/drivers/tsens: Fix null pointer dereference
95575de7dede wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()
6ae55c7fa6be x86/purgatory: Switch to the position-independent small code model
6c6c0afd3510 scsi: hpsa: Fix allocation size for Scsi_Host private data
52c266b486ee scsi: libsas: Fix the failure of adding phy with zero-address to port
1ea06a34f79c wifi: iwlwifi: mvm: init vif works only once
f84b9b25d045 cppc_cpufreq: Fix possible null pointer dereference
c0ed9a711e33 openrisc: traps: Don't send signals to kernel mode threads
71d865be7c2f udp: Avoid call to compute_score on multiple sites
edcdeb8a4fdf x86/pat: Fix W^X violation false-positives when running as Xen PV guest
29681171ff21 x86/pat: Restructure _lookup_address_cpa()
308fba77bc23 x86/pat: Introduce lookup_address_in_pgd_attr()
3e99f060cfd2 cpufreq: exit() callback is optional
99f3af0a1afd tcp: increase the default TCP scaling ratio
ca19418abcf7 tcp: define initial scaling factor value as a macro
a7fba17a0596 selftests/bpf: Fix umount cgroup2 error in test_sockmap
dc03a3755358 x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57
abea81e6a722 gfs2: Fix "ignore unlock failures after withdraw"
21d78e4c3661 gfs2: Don't forget to complete delayed withdraw
673f7120a6e5 ACPI: disable -Wstringop-truncation
acb5503dbb9c irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
a9bbafa46c16 irqchip/alpine-msi: Fix off-by-one in allocation error path
1d4e1fa2f29a locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128()
040c3a00247d ACPI: LPSS: Advertise number of chip selects via property
776bad0b1f63 scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
92374b6a5af1 scsi: ufs: core: Perform read back after disabling interrupts
bfd29d5ea6ea scsi: ufs: core: Perform read back after writing UTP_TASK_REQ_LIST_BASE_H
872f68019bc6 scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
8e5ede836b74 scsi: ufs: qcom: Perform read back after writing CGC enable
d2741b23b1b4 scsi: ufs: qcom: Perform read back after writing unipro mode
32402b2a9c0b scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
8f01dda10c65 scsi: ufs: qcom: Perform read back after writing reset bit
b17592380f9d bpf: prevent r10 register from being marked as precise
7a7d4237e338 bpf: Pack struct bpf_fib_lookup
f92aebf17026 bpftool: Mount bpffs on provided dir instead of parent dir
875864670982 wifi: carl9170: re-fix fortified-memset warning
bc236ebc2ab5 dlm: fix user space lock decision to copy lvb
0fdbbe7ee7f4 bitops: add missing prototype check
f3531ac07b4e mlx5: stop warning for 64KB pages
7dd2a9bb7b75 mlx5: avoid truncating error message
6541f8ea7623 qed: avoid truncating work queue length
997a53102a3b enetc: avoid truncating error message
c5202a38897d ACPI: Fix Generic Initiator Affinity _OSC bit
2bd572d421e3 sched/fair: Add EAS checks before updating root_domain::overutilized
c078f2b4921b wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask
f0fe67ca7550 wifi: iwlwifi: reconfigure TLC during HW restart
adde9190997e wifi: iwlwifi: mvm: select STA mask only for active links
29caa342391c wifi: iwlwifi: mvm: allocate STA links only for active links
6c166d1646ca wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok()
9fa391354a40 x86/boot: Ignore relocations in .notes sections in walk_relocs() too
22c3d94cd445 wifi: mt76: mt7915: workaround too long expansion sparse warnings
9cf8052afc94 wifi: ath12k: use correct flag field for 320 MHz channels
ba3647aa16ae bpftool: Fix missing pids during link show
424e5ac9761f wifi: ath11k: don't force enable power save on non-running vdevs
c37466406f07 wifi: brcmfmac: pcie: handle randbuf allocation failure
014e4e9275de wifi: ath10k: poll service ready message before failing
e5d98cc3311f block: support to account io_ticks precisely
99bbbd9aea05 block: fix and simplify blkdevparts= cmdline parsing
910717920c8c block: refine the EOF check in blkdev_iomap_begin
e8d340f80977 crypto: qat - specify firmware files for 402xx
c9566b812c8f md: fix resync softlockup when bitmap size is less than array size
1fc82121d038 lkdtm: Disable CFI checking for perms functions
fbadcde1572f soc: qcom: pmic_glink: Make client-lock non-sleeping
7880dbf4eafe kunit/fortify: Fix mismatched kvalloc()/vfree() usage
fe3a28db0361 null_blk: Fix missing mutex_destroy() at module removal
19e9452d731a soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
0cac39347f4e firmware: qcom: scm: Fix __scm and waitq completion variable initialization
8fc7934635bb soc: qcom: pmic_glink: notify clients about the current state
d02c6eb5d3df soc: qcom: pmic_glink: don't traverse clients list without a lock
840565b1351a s390/mm: Re-enable the shared zeropage for !PV and !skeys KVM guests
b410a6c84d84 mm/userfaultfd: Do not place zeropages when zeropages are disallowed
f32f810dcc19 io-wq: write next_work before dropping acct_lock
af82d8d2179b jffs2: prevent xattr node from overflowing the eraseblock
c4f49d3fc18a ARM: configs: sunxi: Enable DRM_DW_HDMI
afb39909bfb5 rcu: Fix buffer overflow in print_cpu_stall_info()
32d988f48ed2 rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
1319dbd64b73 io_uring: use the right type for work_llist empty check
a750b846c136 s390/cio: fix tracepoint subchannel type field
b39d0d661752 crypto: x86/sha512-avx2 - add missing vzeroupper
1c5bce29d0d9 crypto: x86/sha256-avx2 - add missing vzeroupper
ba0aa694c332 crypto: x86/nh-avx2 - add missing vzeroupper
4e9293d660bf crypto: ccp - drop platform ifdef checks
45b92921759a parisc: add missing export of __cmpxchg_u8()
fd848dc7e2cf nilfs2: fix out-of-range warning
2ed750b7ae1b ecryptfs: Fix buffer size for tag 66 packet
25edcae667c3 firmware: raspberrypi: Use correct device for DMA mappings
d8c42a6e61d8 mm/slub, kunit: Use inverted data to corrupt kmem cache
d0f14ae223c2 crypto: bcm - Fix pointer arithmetic
d142957377c2 openpromfs: finish conversion to the new mount API
396bc5e54b4f nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists()
daa27fd2e17d ksmbd: fix uninitialized symbol 'share' in smb2_tree_connect()
4f65f4defe4e epoll: be better about file lifetimes
71de5fc303a7 nvmet: fix nvme status code when namespace is disabled
ae451994ba9c nvmet-tcp: fix possible memory leak when tearing down a controller
b6eaa53f95c2 nvme: cancel pending I/O if nvme controller is in terminal state
2ab74bf2827b nvmet-auth: replace pr_debug() with pr_err() to report an error.
57a23adbc4f7 nvmet-auth: return the error code to the nvmet_auth_host_hash() callers
8871cab467a5 nvme: find numa distance only if controller has valid numa id
214301d0be27 x86/mm: Remove broken vsyscall emulation code from the page fault code
6c49ba4025ee drm/amdkfd: Flush the process wq before creating a kfd_process
de23d906b265 drm/amd/display: Disable seamless boot on 128b/132b encoding
fefcd1c75baf drm/amd/display: Fix DC mode screen flickering on DCN321
b6fab47b64f6 drm/amd/display: Add VCO speed parameter for DCN31 FPU
53a7d15331b0 drm/amd/display: Allocate zero bw after bw alloc enable
e0760e38474c drm/amd/display: Add dtbclk access to dcn315
422f3259ac65 drm/amdgpu: Fix VRAM memory accounting
cc73306bf4bb ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
9973c0587149 ASoC: da7219-aad: fix usage of device_get_named_child_node()
ae14ac3bc076 platform/x86: ISST: Add Grand Ridge to HPM CPU list
3a83d0d284b9 softirq: Fix suspicious RCU usage in __do_softirq()
107c893e0a5b ALSA: emu10k1: make E-MU FPGA writes potentially more reliable
af8dc212f74a bpf, x86: Fix PROBE_MEM runtime load check
37c275727aef fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card
964794778606 Input: xpad - add support for ASUS ROG RAIKIRI
59e9cd63a528 KVM: selftests: Add test for uaccesses to non-existent vgic-v2 CPUIF
02c36fe48100 ASoC: rt715-sdca: volume step modification
be91170bee15 ASoC: rt715: add vendor clear control register
91a0bd4e9c60 ASoC: cs35l41: Update DSP1RX5/6 Sources for DSP config
968f6983d41e regulator: vqmmc-ipq4019: fix module autoloading
5c0b06dca44b regulator: qcom-refgen: fix module autoloading
b084d3f57748 ASoC: rt722-sdca: add headset microphone vrefo setting
dace61d6dc59 ASoC: rt722-sdca: modify channel number to support 4 channels
b642f447cfde ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
7904b066296a ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
f6bb8d6c2a64 ASoC: acp: Support microphone from device Acer 315-24p
58872c444adc ASoC: SOF: pcm: Restrict DSP D0i3 during S0ix to IPC3
a73f1e25d581 ALSA: hda: cs35l56: Exit cache-only after cs35l56_wait_for_firmware_boot()
3ad4d29b6554 regulator: irq_helpers: duplicate IRQ name
08133330692c ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too
02580c6afd15 sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU
1bb875147883 selftests: sud_test: return correct emulated syscall value on RISC-V
9208e9c8bd0f drm/etnaviv: fix tx clock gating on some GC7000 variants
b2959fdd3af2 LoongArch: Lately init pmu after smp is online
976b74fa6084 cpu: Ignore "mitigations" kernel parameter if CPU_MITIGATIONS=n
d4ed9984871c Revert "net: txgbe: fix clk_name exceed MAX_DEV_ID limits"
d6a2007376ca Revert "net: txgbe: fix i2c dev name cannot match clkdev"
39cfce75168c drm/amdgpu/mes: fix use-after-free issue
67aa2a7b83be drm/amdgpu: Fix the ring buffer size for queue VM flush
bdbb7611dd2e drm/amdkfd: Add VRAM accounting for SVM migration
7e1247995853 drm/amd/pm: Restore config space after reset
04cf241fe5e5 drm/amdgpu: Update BO eviction priorities
17f689f10fc0 drm/amd/display: Set color_mgmt_changed to true on unsuspend
85f0812b6d5c net: usb: qmi_wwan: add Telit FN920C04 compositions
ca2da54610f0 HID: mcp-2221: cancel delayed_work only when CONFIG_IIO is enabled
e26d4063d223 dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node
125c0dcc000f wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class
ea2121cdc7ab wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon timestamp field
0cfadb49ef90 wifi: mac80211: don't use rate mask for scanning
09133f4b5651 KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
21c7e4587e29 KEYS: asymmetric: Add missing dependency on CRYPTO_SIG
2f103287ef79 ALSA: Fix deadlocks with kctl removals at disconnection
e644036a3e2b ALSA: core: Fix NULL module pointer assignment at card init
8d04efceb46f ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11.
5698ba69326c ksmbd: ignore trailing slashes in share paths
6772584945b6 ksmbd: avoid to send duplicate oplock break notifications
579a0c69794b fs/ntfs3: Break dir enumeration if directory contents error
84906740dc56 fs/ntfs3: Fix case when index is reused during tree transformation
e4fd2dce71fb fs/ntfs3: Taking DOS names into account during link counting
df1f6ed23b51 fs/ntfs3: Remove max link count info display during driver init
a8799662fed1 nilfs2: fix potential hang in nilfs_detach_log_writer()
f81fd0061066 nilfs2: fix unexpected freezing of nilfs_segctor_sync()
f9186bba4ea2 nilfs2: fix use-after-free of timer for log writer thread
d65984358ac0 net: smc91x: Fix m68k kernel compilation for ColdFire CPU
77237eabdcd9 net: lan966x: remove debugfs directory in probe() error path
5cd17f0e74cb net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe()
f678c3c33655 tools/nolibc/stdlib: fix memory error in realloc()
64f0c3bd2dd7 tools/latency-collector: Fix -Wformat-security compile warns
622ab95fdcfa net: mana: Fix the extra HZ in mana_hwc_send_request
af3274905b31 ring-buffer: Fix a race between readers and resize checks
68222d7b4b72 r8169: Fix possible ring buffer corruption on fragmented Tx packets.
766e3bacc7f9 Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already"
a9886aad5dfd io_uring: fail NOP if non-zero op flags is passed in
68a767dd690b Input: try trimming too long modalias strings
e4a1d0aa0d4d serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup
7e16930d4671 serial: 8250_bcm7271: use default_mux_rate if possible
c6e1650cf5df speakup: Fix sizeof() vs ARRAY_SIZE() bug
62c3763dcb03 tty: n_gsm: fix missing receive state reset after mode switch
774d83b008ec tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
7b4881da5b19 ftrace: Fix possible use-after-free issue in ftrace_location()
775de4e954cb selftests/ftrace: Fix BTFARG testcase to check fprobe is enabled correctly
b1c2d09a40a5 x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
7c76aad68f6d kselftest: Add a ksft_perror() helper
06644f0d7193 drm/tilcdc: Set preferred depth
ff7ae7b32324 crypto: jitter - add RCT/APT support for different OSRs
50cd24ddb6f0 arm64: defconfig: remove CONFIG_IPQ_APSS_5018
58e5c91d6701 x86/alternatives: Disable interrupts and sync when optimizing NOPs in place
c878fd2d4c79 x86/alternatives: Sync core before enabling interrupts
c2d64b9f52b6 qemux86: add configuration symbol to select values
630c33229e6d sched/isolation: really align nohz_full with rcu_nocbs
0e5e0f68e2e6 clear_warn_once: add a clear_warn_once= boot parameter
46934791b902 clear_warn_once: bind a timer to written reset value
cdee9e38ff32 clear_warn_once: expand debugfs to include read support
82b562b81841 tools: Remove some options from CLANG_CROSS_FLAGS
36dc380b776b libbpf: Fix build warning on ref_ctr_off
9e3e1fe20982 perf: perf can not parser the backtrace of app in the 32bit system and 64bit kernel.
e497a4a5da65 perf: x86-32: explicitly include <errno.h>
7b57ddd89565 perf: mips64: Convert __u64 to unsigned long long
1cfc19423dc7 perf: fix bench numa compilation
98bc2815fade perf: add SLANG_INC for slang.h
17209a70b9b3 perf: add sgidefs.h to for mips builds
9cd4258d910a perf: change --root to --prefix for python install
8110a4f26628 perf: add 'libperl not found' warning
bc89d5e08f77 perf: force include of <stdbool.h>
4f6c760cc876 fat: Replace prandom_u32() with get_random_u32()
bc53117b12b2 fat: don't use obsolete random32 call in namei_vfat
30b2236ab378 FAT: Added FAT_NO_83NAME
cef98d22b4ed FAT: Add CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES option
0bbd7daba9e1 FAT: Add CONFIG_VFAT_FS_NO_DUALNAMES option
5883fc340084 aufs6: adapt to v6.6 i_op->ctime changes
c4342d979bf2 aufs6: fix magic.mk include path
35266bc2dc81 aufs6: adapt to v6.6
8edede4e98be aufs6: core
712248233ebe aufs6: standalone
3b71a8a848d8 aufs6: mmap
3e2924871f37 aufs6: base
7f4907a93101 aufs6: kbuild
d2f7b03e4aa7 yaffs2: update VFS ctime operations to 6.6+
bcd6cfcd1aa0 yaffs2: v6.5 fixups
cc615704b5f5 yaffs2: Fix miscalculation of devname buffer length
8ef2e22dcf91 yaffs2: convert user_namespace to mnt_idmap
c9c749f9f7d3 yaffs2: replace bdevname call with sprintf
395b01cdc39d yaffs2: convert read_page -> readfolio
d98b07e43ba6 yaffs: replace IS_ERR with IS_ERR_OR_NULL to check both ERR and NULL
613c6d50fdbe yaffs: fix -Wstringop-overread compile warning in yaffs_fix_null_name
622c4648936f yaffs2: v5.12+ build fixups (not runtime tested)
7562133d4090 yaffs: include blkdev.h
dbd44252cd59 yaffs: fix misplaced variable declaration
c223a10b1ac0 yaffs2: v5.6 build fixups
90f6007cfbf4 yaffs2: fix memory leak when /proc/yaffs is read
37ee169c5ea1 yaffs: add strict check when call yaffs_internal_read_super
b6e007b8abb6 yaffs: repair yaffs_get_mtd_device
fb98f65a466a yaffs: Fix build failure by handling inode i_version with proper atomic API
51e0aac75ea2 yaffs2: fix memory leak in mount/umount
2b74a0cae7b0 yaffs: Avoid setting any ACL releated xattr
ff4130a9c376 Yaffs:check oob size before auto selecting Yaffs1
ba95b409c67c fs: yaffs2: replace CURRENT_TIME by other appropriate apis
8fa35eba9056 yaffs2: adjust to proper location of MS_RDONLY
1eb5deaad8c4 yaffs2: import git revision b4ce1bb (jan, 2020)
4dce67c1e8c8 initramfs: allow an optional wrapper script around initramfs generation
2f603d83fcc4 pnmtologo: use relocatable file name
664a6a0a484b tools: use basename to identify file in gen-mach-types
9de64bc0c185 lib/build_OID_registry: fix reproducibility issues
ae9b80797295 vt/conmakehash: improve reproducibility
a972323151bd iwlwifi: select MAC80211_LEDS conditionally
15d2adcc0198 net/dccp: make it depend on CONFIG_BROKEN (CVE-2020-16119)
5556a6c04b19 arm64/perf: Fix wrong cast that may cause wrong truncation
5552dc768ffc defconfigs: drop obselete options
00fe4152df31 arm64/perf: fix backtrace for AAPCS with FP enabled
3888d0652edf linux-yocto: Handle /bin/awk issues
3d55d299f23a uvesafb: provide option to specify timeout for task completion
23c068c080be uvesafb: print error message when task timeout occurs
edbfc939266e compiler.h: Undef before redefining __attribute_const__
c99ae7e2a19a vmware: include jiffies.h
572d84d928c8 Resolve jiffies wrapping about arp
fdcd47cac843 nfs: Allow default io size to be configured.
927d48801098 check console device file on fs when booting
57cc27f821dd mount_root: clarify error messages for when no rootfs found
1b53d82a8152 mconf: fix output of cflags and libraries
1811da09f42c menuconfig,mconf-cfg: Allow specification of ncurses location
83c2e0c6eb1f modpost: mask trivial warnings
6de673039484 kbuild: exclude meta directory from distclean processing
6decd32815f5 powerpc: serialize image targets
f6b683b38318 arm: serialize build targets
e798b09ebf57 mtd_blkdevs: add mtd_table_mutex lock back to blktrans_{open, release} to avoid race condition
dc8a1e5a88f8 x86_64_defconfig: Fix warnings
68491e5f72b6 powerpc/ptrace: Disable array-bounds warning with gcc8
d71ebfce3004 powerpc: Disable attribute-alias warnings from gcc8
62f50884b8b1 powerpc: kexec fix for powerpc64
da6871c62c37 powerpc: Add unwind information for SPE registers of E500 core
f161c880c11d mips: make current_cpu_data preempt safe
5e94a8247ce7 mips: vdso: fix 'jalr $t9' crash in vdso code
19e36714b1c7 mips: Kconfig: add QEMUMIPS64 option
e2e537db3cbd 4kc cache tlb hazard: tlbp cache coherency
aee9870611e5 malta uhci quirks: make allowance for slow 4k(e)c
881948cd1517 drm/fb-helper: move zeroing code to drm_fb_helper_fill_var
98ec1963fcb7 arm64: defconfig: cleanup config options
f1727c537ba8 vexpress: Pass LOADADDR to Makefile
4474c32dc24a arm: ARM EABI socketcall
75e31a2b70fd ARM: LPAE: Invalidate the TLB for module addresses during translation fault
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b5d18e5da09b889578fb1f004e41869a81e10081)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index f8d47a9dba..50f4fe0eb6 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "59b2635b04e2ef8162e52f82e848b81073cea708"
-SRCREV_meta ?= "66bebb6789d02e775d4c93d7ca4bf79c2ead4b28"
+SRCREV_machine ?= "e88fd5bf97b83b10f7e93c2af4100cd16d59db63"
+SRCREV_meta ?= "e48b725284bb2889c8c5da8d255ec277f44bf8a0"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.32"
+LINUX_VERSION ?= "6.6.34"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 7378a37521..a330e14468 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.32"
+LINUX_VERSION ?= "6.6.34"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a"
-SRCREV_meta ?= "66bebb6789d02e775d4c93d7ca4bf79c2ead4b28"
+SRCREV_machine ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
+SRCREV_meta ?= "e48b725284bb2889c8c5da8d255ec277f44bf8a0"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index b64ac78fd1..f67d73d2e6 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "6e4ec0ec5052e3a107ec7e5977ea9282d3642ea7"
-SRCREV_machine:qemuarm64 ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a"
-SRCREV_machine:qemuloongarch64 ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a"
-SRCREV_machine:qemumips ?= "cab976b23497344b74b7e4cbcb5df732f8630150"
-SRCREV_machine:qemuppc ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a"
-SRCREV_machine:qemuriscv64 ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a"
-SRCREV_machine:qemuriscv32 ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a"
-SRCREV_machine:qemux86 ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a"
-SRCREV_machine:qemux86-64 ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a"
-SRCREV_machine:qemumips64 ?= "aa0c0197b3a0628992e959708a2ad015603e93ad"
-SRCREV_machine ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a"
-SRCREV_meta ?= "66bebb6789d02e775d4c93d7ca4bf79c2ead4b28"
+SRCREV_machine:qemuarm ?= "a12679d200785775317fb7b7fe9b145cd77187eb"
+SRCREV_machine:qemuarm64 ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
+SRCREV_machine:qemuloongarch64 ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
+SRCREV_machine:qemumips ?= "f0ff71ea239e1395c9318d4edd2213a702aa8d19"
+SRCREV_machine:qemuppc ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
+SRCREV_machine:qemuriscv64 ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
+SRCREV_machine:qemuriscv32 ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
+SRCREV_machine:qemux86 ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
+SRCREV_machine:qemux86-64 ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
+SRCREV_machine:qemumips64 ?= "39f86019c95a6efb4aa3bf4d0185f05bb184d29b"
+SRCREV_machine ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
+SRCREV_meta ?= "e48b725284bb2889c8c5da8d255ec277f44bf8a0"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "91de249b6804473d49984030836381c3b9b3cfb0"
+SRCREV_machine:class-devupstream ?= "76d42e596d895c53abf86daca4e5877fe0088145"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.32"
+LINUX_VERSION ?= "6.6.34"
PV = "${LINUX_VERSION}+git"
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 09/21] linux-yocto/6.6: update to v6.6.35
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (7 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 08/21] linux-yocto/6.6: update to v6.6.34 Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 10/21] linux-yocto/6.6: fix AMD boot trace Steve Sakoman
` (11 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
5f2d0708acd0 Linux 6.6.35
3466abafa9f4 zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING
2fd6cfb2a4e6 i2c: designware: Fix the functionality flags of the slave-only interface
572afd43c959 i2c: at91: Fix the functionality flags of the slave-only interface
a4cd6074aed6 misc: microchip: pci1xxxx: Fix a memory leak in the error handling of gp_aux_bus_probe()
2cc32639ec34 usb-storage: alauda: Check whether the media is initialized
3a03ef31c1e9 serial: 8250_dw: Don't use struct dw8250_data outside of 8250_dw
836e1a9fd8eb serial: 8250_dw: Replace ACPI device check by a quirk
1d98b6a0b90c serial: 8250_dw: Switch to use uart_read_port_properties()
f59e2391d3a9 serial: port: Introduce a common helper to read properties
68a53d1212ed serial: core: Add UPIO_UNKNOWN constant for unknown port type
1006d1b5eb01 device property: Implement device_is_big_endian()
dd431c3ac1fc ima: Fix use-after-free on a dentry's dname.name
0b8fba38bdfb greybus: Fix use-after-free bug in gb_interface_release due to race condition.
aefd8f343d90 selftests: net: lib: avoid error removing empty netns name
44bdef23572c selftests: net: lib: support errexit with busywait
1d650d2c9bcc selftests/net/lib: no need to record ns name if it already exist
d722ed2530e1 selftests/net/lib: update busywait timeout value
8a73c08e00fe cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode
3beccb6a326d remoteproc: k3-r5: Jump to error handling labels in start/stop errors
bb2f3187e310 selftests: forwarding: Avoid failures to source net/lib.sh
2a969959b94f selftests/net: add variable NS_LIST for lib.sh
04f7b9b4d7f8 selftests/net: add lib.sh
dd782da47076 Revert "fork: defer linking file vma until vma is fully initialized"
72b5c7f3b358 serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level
0d73477af964 mm/huge_memory: don't unpoison huge_zero_folio
93d61e1bac0a tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device()
614d397be0cf nilfs2: fix potential kernel bug due to lack of writeback flag waiting
f8474caf39bd swiotlb: extend buffer pre-padding to alloc_align_mask if necessary
6c385c1fa0a7 swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE
6033fc9522d2 swiotlb: Enforce page alignment in swiotlb_alloc()
9f2050106f37 xfs: allow cross-linking special files without project quota
8bb0402836d0 xfs: don't use current->journal_info
79ba47df4e98 xfs: allow sunit mount option to repair bad primary sb stripe values
ae609281ecae xfs: ensure submit buffers on LSN boundaries in error handlers
04fa4269089b xfs: shrink failure needs to hold AGI buffer
ea365e606231 xfs: fix SEEK_HOLE/DATA for regions with active COW extents
7f0e5af2690a xfs: fix scrub stats file permissions
20bccdb03a7b xfs: fix imprecise logic in xchk_btree_check_block_owner
092571ef9a81 btrfs: zoned: fix use-after-free due to race with dev replace
069e0cc343da btrfs: zoned: factor out DUP bg handling from btrfs_load_block_group_zone_info
68713bc70dab btrfs: zoned: factor out single bg handling from btrfs_load_block_group_zone_info
a139ad664240 btrfs: zoned: factor out per-zone logic from btrfs_load_block_group_zone_info
f9526760879a btrfs: zoned: introduce a zone_info struct in btrfs_load_block_group_zone_info
a3be677629e4 pmdomain: ti-sci: Fix duplicate PD referrals
6fd062713d99 intel_th: pci: Add Lunar Lake support
ebcef9116484 intel_th: pci: Add Meteor Lake-S support
c8727ddde12c intel_th: pci: Add Sapphire Rapids SOC support
37eb9f7cc719 intel_th: pci: Add Granite Rapids SOC support
3b08df88b00d intel_th: pci: Add Granite Rapids support
f287b1e34f1d drm/i915: Fix audio component initialization
7a9883be3b98 drm/i915/dpt: Make DPT object unshrinkable
1b4a8b89bf67 drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
1d2f1123a05e drm/i915/gt: Disarm breadcrumbs if engines are already idle
42524cc5feef rtla/auto-analysis: Replace \t with spaces
d32f12e15732 rtla/timerlat: Simplify "no value" printing on top
8661a7af0499 riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context
6ee0c842d4ad iio: invensense: fix interrupt timestamp alignment
955c824d543c iio: adc: axi-adc: make sure AXI clock is enabled
33187fa1a8bb remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs
2494bc856e7c remoteproc: k3-r5: Wait for core0 power-up before powering up core1
aa81c7b078e0 dmaengine: axi-dmac: fix possible race in remove()
4145835ec209 PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
3c361f313d69 ocfs2: fix races between hole punching and AIO+DIO
7ec0e3b86f5a ocfs2: use coarse time for new created files
518fbd644dab fs/proc: fix softlockup in __read_vmcore
ba04b459efd1 knfsd: LOOKUP can return an illegal error value
591d5b12f814 spmi: hisi-spmi-controller: Do not override device identifier
e293c6b38ac9 vmci: prevent speculation leaks by sanitizing event in event_deliver()
2d11505e79c7 dma-buf: handle testing kthreads creation failure
e946428439a0 sock_map: avoid race between sock_map_close and sk_psock_put
2c581ca0d68f null_blk: Print correct max open zones limit in null_init_zoned_dev()
5fc6b708ef20 kheaders: explicitly define file modes for archived headers
fcb88dc66b72 tracing/selftests: Fix kprobe event name test for .isra. functions
d63e501ac6da riscv: fix overlap of allocated page and PTR_ERR
7063f15d2ae2 perf auxtrace: Fix multiple use of --itrace option
809a2ed17179 perf/core: Fix missing wakeup when waiting for context reference
348008f0043c x86/amd_nb: Check for invalid SMN reads
d91ddd050826 x86/kexec: Fix bug with call depth tracking
5c0fb9cb404a irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()
6d0881a00d4c clkdev: Update clkdev id usage to allow for longer names
dbf0787c2f45 mptcp: pm: update add_addr counters after connect
09469a081715 mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID
f1f0a46f8bb8 mptcp: ensure snd_una is properly initialized on connect
35bcf16b4a28 drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found
a269c5701244 drm/exynos/vidi: fix memory leak in .get_modes()
fd880577c6d4 ACPI: x86: Force StorageD3Enable on more products
5bf196f1936b parisc: Try to fix random segmentation faults in package builds
a42b0060d6ff drivers: core: synchronize really_probe() and dev_uevent()
e57c84e156e7 iio: imu: inv_icm42600: delete unneeded update watermark call
aaf6b327a386 iio: invensense: fix odr switching to same value
8e472061a32c iio: dac: ad5592r: fix temperature channel scaling value
24ff87bb9f0b iio: adc: ad9467: fix scan type sign
d4f3861893f9 x86/boot: Don't add the EFI stub to targets, again
db20d4e4872b ksmbd: fix missing use of get_write in in smb2_set_ea()
13b38f9262f5 ksmbd: move leading slash check to smb2_get_name()
86c9713602f7 misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()
ca6660c95624 bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()
185c72f6b9eb af_unix: Read with MSG_PEEK loops if the first unread byte is OOB
183ebc167a8a ionic: fix use after netif_napi_del()
7caefa277172 net: bridge: mst: fix suspicious rcu usage in br_mst_set_state
a6cc9e9a651b net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state
96d3265fc4f1 net/ipv6: Fix the RT cache flush via sysctl using a previous delay
9a3eb4816ab9 nvmet-passthru: propagate status from id override functions
fe1e395563cc block: fix request.queuelist usage in flush
6b7155458ed2 block: sed-opal: avoid possible wrong address reference in read_sed_opal_key()
35119b1139e7 net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters
d01f39f73bed gve: ignore nonrelevant GSO type bits when processing TSO headers
b0c95cefd9b6 net: pse-pd: Use EOPNOTSUPP error code instead of ENOTSUPP
2ad10c2aadb7 scsi: ufs: core: Quiesce request queues before checking pending cmds
567cfc59e468 x86/uaccess: Fix missed zeroing of ia32 u64 get_user() range checking
5396ce9a5e68 x86/asm: Use %c/%n instead of %P operand modifier in asm templates
2ba35b37f780 netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type
b30669fdea0c netfilter: nft_inner: validate mandatory meta and payload
7ccca396e989 Bluetooth: fix connection setup in l2cap_connect
599a28fa9ecd Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
110764a0713e net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets
bb5c1b0fbd98 geneve: Fix incorrect inner network header offset when innerprotoinherit is set
c72660999c17 net dsa: qca8k: fix usages of device_get_named_child_node()
d61808ac9947 tcp: fix race in tcp_v6_syn_recv_sock()
b5c8ffc8cfde drm/bridge/panel: Fix runtime warning on panel bridge release
9460961d8213 drm/komeda: check for error-valued pointer
f100031fd6a5 net: stmmac: dwmac-qcom-ethqos: Configure host DMA width
fd2b613bc4c5 liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
47016dcb50e9 net: hns3: add cond_resched() to hns3 ring buffer init process
689de7c3bfc7 net: hns3: fix kernel crash problem in concurrent scenario
ef01c26d6f7a net: sfp: Always call `sfp_sm_mod_remove()` on remove
6797259d9b92 modpost: do not warn about missing MODULE_DESCRIPTION() for vmlinux.o
6fdc1152afae af_unix: Annotate data-race of sk->sk_state in unix_accept().
b82c97a79b8e drm/vmwgfx: Don't memcmp equivalent pointers
ce48b688a8d2 drm/vmwgfx: Remove STDU logic from generic mode_valid function
15a875ecfc2f drm/vmwgfx: 3D disabled should not effect STDU memory limits
3ca8e582e03e drm/vmwgfx: Filter modes which exceed graphics memory
b0b05171de1f drm/vmwgfx: Refactor drm connector probing for display modes
f677ca8cfefe HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()
1bbadf953fad io_uring/io-wq: avoid garbage value of 'match' in io_wq_enqueue()
ab702c3483db io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
7388ae6f26c0 iommu: Return right value in iommu_sva_bind_device()
c344d7030717 iommu/amd: Fix sysfs leak in iommu init
30f76bc468b9 HID: core: remove unnecessary WARN_ON() in implement()
17a6806f606f gpio: tqmx86: fix broken IRQ_TYPE_EDGE_BOTH interrupt type
12043e85bd71 gpio: tqmx86: store IRQ trigger type and unmask status separately
01aa7b7a3dd7 gpio: tqmx86: introduce shadow register for GPIO output value
d69079010813 gpio: tqmx86: fix typo in Kconfig label
b07a62f8c843 platform/x86: dell-smbios: Fix wrong token data in sysfs
2c82e21bbc05 drm/panel: sitronix-st7789v: Add check for of_drm_get_panel_orientation
ca060e255794 nvme: fix nvme_pr_* status code parsing
beb2dde5e1b9 selftests/tracing: Fix event filter test to retry up to 10 times
b21cae468849 NFS: add barriers when testing for NFS_FSDATA_BLOCKED
b1a6e884de15 SUNRPC: return proper error from gss_wrap_req_priv
c30988e06b15 NFSv4.1 enforce rootpath check in fs_location query
a9aa5a49c8ed clk: sifive: Do not register clkdevs for PRCI clocks
dff9b2238969 selftests/ftrace: Fix to check required event file
3bf0b8030296 cachefiles: flush all requests after setting CACHEFILES_DEAD
d2d3eb377a5d cachefiles: defer exposing anon_fd until after copy_to_user() succeeds
527db1cb4cd6 cachefiles: never get a new anonymous fd if ondemand_id is valid
1d95e5010ce8 cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read()
3958679c4915 cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()
a6de82765e12 cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()
9f5fa40f0924 cachefiles: add restore command to recover inflight ondemand read requests
e564e48ca299 cachefiles: add spin_lock for cachefiles_ondemand_info
f740fd943bb1 cachefiles: resend an open request if the read request's object is closed
33d21f0658cf cachefiles: extract ondemand info field from cachefiles_object
955190e1851a cachefiles: introduce object ondemand state
50d0e55356ba cachefiles: remove requests from xarray during flushing requests
19133f53f199 cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd
d8316838aa06 cxl/region: Fix memregion leaks in devm_cxl_add_region()
09b4aa2815bf cxl/test: Add missing vmalloc.h for tools/testing/cxl/test/mem.c
b3f206985a33 HID: nvidia-shield: Add missing check for input_ff_create_memless
af4cff0dd640 powerpc/uaccess: Fix build errors seen with GCC 13/14
2ce5341c3699 gve: Clear napi->skb before dev_kfree_skb_any()
323d2563bde0 scsi: sd: Use READ(16) when reading block zero on large capacity disks
9079338c5a0d scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
da097dccaece scsi: mpi3mr: Fix ATA NCQ priority support
3e9785d3e92b scsi: core: Disable CDL by default
d5ceeb0b6a71 thunderbolt: debugfs: Fix margin debugfs node creation condition
d4121290b427 xhci: Apply broken streams quirk to Etron EJ188 xHCI host
949be4ec5835 xhci: Handle TD clearing for multiple streams case
0a834fb6dbd8 xhci: Apply reset resume quirk to Etron EJ188 xHCI host
834c57876cc2 xhci: Set correct transferred length for cancelled bulk transfers
4598233d9748 jfs: xattr: fix buffer overflow for invalid xattr
cc30d05b34f9 landlock: Fix d_parent walk
3380fa014a89 serial: port: Don't block system suspend even if bytes are left to xmit
b895a1b981cf tty: n_tty: Fix buffer offsets when lookahead is used
ce356d8d7e91 mei: me: release irq in mei_me_pci_resume error path
ad47b23e4704 usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state
04c05d50fa79 usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps
b641889cc1cf USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected
72a3fe36cf9f USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
43cfac7b88ad io_uring: check for non-NULL file pointer in io_file_can_poll()
0c9df3df0c88 io_uring/rsrc: don't lock while !TASK_RUNNING
d18b05eda7fa nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
8394dce13573 nilfs2: return the mapped address from nilfs_get_page()
39a143a2b072 bpf: fix multi-uprobe PID filtering logic
7ec535ed8724 eventfs: Update all the eventfs_inodes from the events descriptor
1c88d94a7a33 irqchip/riscv-intc: Prevent memory leak when riscv_intc_init_common() fails
85ca483e729d irqchip/riscv-intc: Introduce Andes hart-level interrupt controller
482095341313 irqchip/riscv-intc: Allow large non-standard interrupt number
01c987b8282c selftests/mm: compaction_test: fix bogus test success on Aarch64
3f6ccd40afc4 selftests/mm: log a consistent test name for check_compaction
d39532e9186a selftests/mm: conform test to TAP format output
bb9bb13ce64c mm/memory-failure: fix handling of dissolved but not taken off from buddy pages
fe01748ca6d6 memory-failure: use a folio in me_huge_page()
130b4b9478c3 firmware: qcom_scm: disable clocks if qcom_scm_bw_enable() fails
16ece7c5645a ksmbd: use rwsem instead of rwlock for lease break
6548d543a274 net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()
7e796c3fefa8 ipv6: fix possible race in __fib6_drop_pcpu_from()
d8011254e9b1 af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill().
60db0759c4f5 af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen().
471ec7b77a8d af_unix: Use skb_queue_empty_lockless() in unix_release_sock().
f1683d07ebd1 af_unix: Use unix_recvq_full_lockless() in unix_stream_connect().
29fce603b14b af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen.
996ec22ff576 af_unix: Annotate data-races around sk->sk_sndbuf.
4398f59518ce af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG.
0ede400c32ae af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb().
776fcc45e3f4 af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg().
3d25de6486f4 af_unix: Annotate data-race of sk->sk_state in unix_stream_connect().
484e036e1a2c af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll().
4e38d6c04943 af_unix: Annotate data-race of sk->sk_state in unix_inq_len().
45733e981e8c af_unix: Annodate data-races around sk->sk_state for writers.
8003545ca10d af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer.
040d93848703 net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
649b63f5daf6 ice: add flag to distinguish reset from .ndo_bpf in XDP rings config
eab834acb474 ice: remove af_xdp_zc_qps bitmap
3201ba7d1c8c ice: fix iteration of TLVs in Preserved Fields Area
b21bb09f8be6 ptp: Fix error message on failed pin verification
724050ae4b76 net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
d857df86837a net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
6ccada6ffb42 net/mlx5: Always stop health timer during driver removal
e3001df36cd6 net/mlx5: Stop waiting for PCI if pci channel is offline
3dd41669b300 mptcp: count CLOSE-WAIT sockets for MPTCP_MIB_CURRESTAB
acdf17546ef8 tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB
924f7bbfc5cf vxlan: Fix regression when dropping packets due to invalid src addresses
54c2c171c11a net: sched: sch_multiq: fix possible OOB write in multiq_tune()
cba5467442b2 net: phy: Micrel KSZ8061: fix errata solution not taking effect problem
b03255294e88 net/smc: avoid overwriting when adjusting sock bufsizes
2d7912f3ac65 octeontx2-af: Always allocate PF entries from low prioriy zone
d387805d4b4a bpf: Set run context for rawtp test_run callback
50569d12945f net: tls: fix marking packets as decrypted
f8dd092e8b47 ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
db21c1ee6b6d ipv6: ioam: block BH from ioam6_output()
9ee14af24e67 vmxnet3: disable rx data ring on dma allocation failure
834aa2c34b8f KVM: SEV-ES: Delegate LBR virtualization to the processor
b6e4076ca94b KVM: SEV: Do not intercept accesses to MSR_IA32_XSS for SEV-ES guests
2128bae4ecab KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent
91cff53136da bpf: Fix a potential use-after-free in bpf_link_free()
2ad2f2edb944 bpf: Optimize the free of inner map
5aa03dd388d1 bpf: Store ref_ctr_offsets values in bpf_uprobe array
02a255723e6b net: phy: micrel: fix KSZ9477 PHY issues after suspend/resume
645e643eeb9a net/ncsi: Fix the multi thread manner of NCSI driver
d7dd9d1f02b2 net/ncsi: Simplify Kconfig/dts control flow
87cc2514162f ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put()
52100fd74ad0 ax25: Fix refcount imbalance on inbound connections
909dc098a754 RISC-V: KVM: Fix incorrect reg_subtype labels in kvm_riscv_vcpu_set_reg_isa_ext function
5d8622f61ef1 RISC-V: KVM: No need to use mask when hart-index-bit is 0
b2b1043ac1f5 scsi: ufs: mcq: Fix error output and clean up ufshcd_mcq_abort()
2f467fefdfae wifi: mac80211: correctly parse Spatial Reuse Parameter Set element
a05018739a5e wifi: iwlwifi: mvm: don't read past the mfuart notifcation
29a18d56bd64 wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
f7773fff6dda wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef
bdfa7cf3281b wifi: iwlwifi: mvm: set properly mac header
1ef2671de723 wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
1fd3f32695af wifi: iwlwifi: mvm: don't initialize csa_work twice
ff2b4dc81e67 wifi: cfg80211: pmsr: use correct nla_get_uX functions
0ccc63958d83 wifi: cfg80211: Lock wiphy in cfg80211_get_station
46b7eff59a32 wifi: cfg80211: fully move wiphy work to unbound workqueue
456bbb8a31e4 wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
63d5f89bb566 wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
c31365597a17 powerpc/uaccess: Fix build errors seen with GCC 13/14
64ebf485c56b usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
7c76aad68f6d kselftest: Add a ksft_perror() helper
06644f0d7193 drm/tilcdc: Set preferred depth
ff7ae7b32324 crypto: jitter - add RCT/APT support for different OSRs
50cd24ddb6f0 arm64: defconfig: remove CONFIG_IPQ_APSS_5018
58e5c91d6701 x86/alternatives: Disable interrupts and sync when optimizing NOPs in place
c878fd2d4c79 x86/alternatives: Sync core before enabling interrupts
c2d64b9f52b6 qemux86: add configuration symbol to select values
630c33229e6d sched/isolation: really align nohz_full with rcu_nocbs
0e5e0f68e2e6 clear_warn_once: add a clear_warn_once= boot parameter
46934791b902 clear_warn_once: bind a timer to written reset value
cdee9e38ff32 clear_warn_once: expand debugfs to include read support
82b562b81841 tools: Remove some options from CLANG_CROSS_FLAGS
36dc380b776b libbpf: Fix build warning on ref_ctr_off
9e3e1fe20982 perf: perf can not parser the backtrace of app in the 32bit system and 64bit kernel.
e497a4a5da65 perf: x86-32: explicitly include <errno.h>
7b57ddd89565 perf: mips64: Convert __u64 to unsigned long long
1cfc19423dc7 perf: fix bench numa compilation
98bc2815fade perf: add SLANG_INC for slang.h
17209a70b9b3 perf: add sgidefs.h to for mips builds
9cd4258d910a perf: change --root to --prefix for python install
8110a4f26628 perf: add 'libperl not found' warning
bc89d5e08f77 perf: force include of <stdbool.h>
4f6c760cc876 fat: Replace prandom_u32() with get_random_u32()
bc53117b12b2 fat: don't use obsolete random32 call in namei_vfat
30b2236ab378 FAT: Added FAT_NO_83NAME
cef98d22b4ed FAT: Add CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES option
0bbd7daba9e1 FAT: Add CONFIG_VFAT_FS_NO_DUALNAMES option
5883fc340084 aufs6: adapt to v6.6 i_op->ctime changes
c4342d979bf2 aufs6: fix magic.mk include path
35266bc2dc81 aufs6: adapt to v6.6
8edede4e98be aufs6: core
712248233ebe aufs6: standalone
3b71a8a848d8 aufs6: mmap
3e2924871f37 aufs6: base
7f4907a93101 aufs6: kbuild
d2f7b03e4aa7 yaffs2: update VFS ctime operations to 6.6+
bcd6cfcd1aa0 yaffs2: v6.5 fixups
cc615704b5f5 yaffs2: Fix miscalculation of devname buffer length
8ef2e22dcf91 yaffs2: convert user_namespace to mnt_idmap
c9c749f9f7d3 yaffs2: replace bdevname call with sprintf
395b01cdc39d yaffs2: convert read_page -> readfolio
d98b07e43ba6 yaffs: replace IS_ERR with IS_ERR_OR_NULL to check both ERR and NULL
613c6d50fdbe yaffs: fix -Wstringop-overread compile warning in yaffs_fix_null_name
622c4648936f yaffs2: v5.12+ build fixups (not runtime tested)
7562133d4090 yaffs: include blkdev.h
dbd44252cd59 yaffs: fix misplaced variable declaration
c223a10b1ac0 yaffs2: v5.6 build fixups
90f6007cfbf4 yaffs2: fix memory leak when /proc/yaffs is read
37ee169c5ea1 yaffs: add strict check when call yaffs_internal_read_super
b6e007b8abb6 yaffs: repair yaffs_get_mtd_device
fb98f65a466a yaffs: Fix build failure by handling inode i_version with proper atomic API
51e0aac75ea2 yaffs2: fix memory leak in mount/umount
2b74a0cae7b0 yaffs: Avoid setting any ACL releated xattr
ff4130a9c376 Yaffs:check oob size before auto selecting Yaffs1
ba95b409c67c fs: yaffs2: replace CURRENT_TIME by other appropriate apis
8fa35eba9056 yaffs2: adjust to proper location of MS_RDONLY
1eb5deaad8c4 yaffs2: import git revision b4ce1bb (jan, 2020)
4dce67c1e8c8 initramfs: allow an optional wrapper script around initramfs generation
2f603d83fcc4 pnmtologo: use relocatable file name
664a6a0a484b tools: use basename to identify file in gen-mach-types
9de64bc0c185 lib/build_OID_registry: fix reproducibility issues
ae9b80797295 vt/conmakehash: improve reproducibility
a972323151bd iwlwifi: select MAC80211_LEDS conditionally
15d2adcc0198 net/dccp: make it depend on CONFIG_BROKEN (CVE-2020-16119)
5556a6c04b19 arm64/perf: Fix wrong cast that may cause wrong truncation
5552dc768ffc defconfigs: drop obselete options
00fe4152df31 arm64/perf: fix backtrace for AAPCS with FP enabled
3888d0652edf linux-yocto: Handle /bin/awk issues
3d55d299f23a uvesafb: provide option to specify timeout for task completion
23c068c080be uvesafb: print error message when task timeout occurs
edbfc939266e compiler.h: Undef before redefining __attribute_const__
c99ae7e2a19a vmware: include jiffies.h
572d84d928c8 Resolve jiffies wrapping about arp
fdcd47cac843 nfs: Allow default io size to be configured.
927d48801098 check console device file on fs when booting
57cc27f821dd mount_root: clarify error messages for when no rootfs found
1b53d82a8152 mconf: fix output of cflags and libraries
1811da09f42c menuconfig,mconf-cfg: Allow specification of ncurses location
83c2e0c6eb1f modpost: mask trivial warnings
6de673039484 kbuild: exclude meta directory from distclean processing
6decd32815f5 powerpc: serialize image targets
f6b683b38318 arm: serialize build targets
e798b09ebf57 mtd_blkdevs: add mtd_table_mutex lock back to blktrans_{open, release} to avoid race condition
dc8a1e5a88f8 x86_64_defconfig: Fix warnings
68491e5f72b6 powerpc/ptrace: Disable array-bounds warning with gcc8
d71ebfce3004 powerpc: Disable attribute-alias warnings from gcc8
62f50884b8b1 powerpc: kexec fix for powerpc64
da6871c62c37 powerpc: Add unwind information for SPE registers of E500 core
f161c880c11d mips: make current_cpu_data preempt safe
5e94a8247ce7 mips: vdso: fix 'jalr $t9' crash in vdso code
19e36714b1c7 mips: Kconfig: add QEMUMIPS64 option
e2e537db3cbd 4kc cache tlb hazard: tlbp cache coherency
aee9870611e5 malta uhci quirks: make allowance for slow 4k(e)c
881948cd1517 drm/fb-helper: move zeroing code to drm_fb_helper_fill_var
98ec1963fcb7 arm64: defconfig: cleanup config options
f1727c537ba8 vexpress: Pass LOADADDR to Makefile
4474c32dc24a arm: ARM EABI socketcall
75e31a2b70fd ARM: LPAE: Invalidate the TLB for module addresses during translation fault
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c404775afcb500aa931ace1289df7a194f0778ba)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 50f4fe0eb6..3900690c74 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "e88fd5bf97b83b10f7e93c2af4100cd16d59db63"
-SRCREV_meta ?= "e48b725284bb2889c8c5da8d255ec277f44bf8a0"
+SRCREV_machine ?= "1d96726faac7f57c1bb3466edc283d929fc183b6"
+SRCREV_meta ?= "fe550a76832d3c144e7af34ab78d5da0dcf092ce"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.34"
+LINUX_VERSION ?= "6.6.35"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index a330e14468..0a9b96753c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.34"
+LINUX_VERSION ?= "6.6.35"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
-SRCREV_meta ?= "e48b725284bb2889c8c5da8d255ec277f44bf8a0"
+SRCREV_machine ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
+SRCREV_meta ?= "fe550a76832d3c144e7af34ab78d5da0dcf092ce"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index f67d73d2e6..808561f45a 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "a12679d200785775317fb7b7fe9b145cd77187eb"
-SRCREV_machine:qemuarm64 ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
-SRCREV_machine:qemuloongarch64 ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
-SRCREV_machine:qemumips ?= "f0ff71ea239e1395c9318d4edd2213a702aa8d19"
-SRCREV_machine:qemuppc ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
-SRCREV_machine:qemuriscv64 ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
-SRCREV_machine:qemuriscv32 ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
-SRCREV_machine:qemux86 ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
-SRCREV_machine:qemux86-64 ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
-SRCREV_machine:qemumips64 ?= "39f86019c95a6efb4aa3bf4d0185f05bb184d29b"
-SRCREV_machine ?= "64ebf485c56b5375d9196020b3ed92f857283ee0"
-SRCREV_meta ?= "e48b725284bb2889c8c5da8d255ec277f44bf8a0"
+SRCREV_machine:qemuarm ?= "7e5d1df22352c96c1d63d81d59457ff30e82e2d9"
+SRCREV_machine:qemuarm64 ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
+SRCREV_machine:qemuloongarch64 ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
+SRCREV_machine:qemumips ?= "f26493dbcd22b4d89beed4eabdc52d124d59658a"
+SRCREV_machine:qemuppc ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
+SRCREV_machine:qemuriscv64 ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
+SRCREV_machine:qemuriscv32 ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
+SRCREV_machine:qemux86 ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
+SRCREV_machine:qemux86-64 ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
+SRCREV_machine:qemumips64 ?= "1ef0c6554b95984a5fc9e7cd3bb27ab617204149"
+SRCREV_machine ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
+SRCREV_meta ?= "fe550a76832d3c144e7af34ab78d5da0dcf092ce"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "76d42e596d895c53abf86daca4e5877fe0088145"
+SRCREV_machine:class-devupstream ?= "5f2d0708acd0e1d2475d73c61819053de284bcc4"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.34"
+LINUX_VERSION ?= "6.6.35"
PV = "${LINUX_VERSION}+git"
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 10/21] linux-yocto/6.6: fix AMD boot trace
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (8 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 09/21] linux-yocto/6.6: update to v6.6.35 Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 11/21] python3-requests: cleanup RDEPENDS Steve Sakoman
` (10 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Integrating the following commit(s) to linux-yocto/6.6:
1/1 [
Author: Bruce Ashfield
Email: bruce.ashfield@gmail.com
Subject: cpu/amd: inhibit SMP check for qemux86
Date: Fri, 28 Jun 2024 12:55:18 -0400
When booting with kvm enabled on a AMD host, the following
trace is thrown:
[ 0.084519] ------------[ cut here ]------------
[ 0.084519] WARNING: This combination of AMD processors is not suitable for SMP.
[ 0.084519] WARNING: CPU: 1 PID: 0 at /arch/x86/kernel/cpu/amd.c:341 init_amd+0xaee/0xbcc
[ 0.084519] Modules linked in:
[ 0.084519] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.32-yocto-standard #1
[ 0.084519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
This warning is not valid in our configuration and is unnecesarily
causing issue with debug.
This has been know for some time (10+ years), but no acceptable
solutioon has been found upstream:
https://lists.gnu.org/archive/html/qemu-devel/2010-03/msg01428.html
https://lkml.org/lkml/2010/3/30/397
We have a configuration CONFIG_QEMUX86 that has been added for
situations like this. When that value is defined, we inhibit the
warning, but leave it as-is for other BSPs.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f0c03000abb7665352cf107a600da15a112af5fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_6.6.bb | 4 ++--
.../linux/linux-yocto-tiny_6.6.bb | 4 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 24 +++++++++----------
3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 3900690c74..dc1413ca94 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,8 +14,8 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "1d96726faac7f57c1bb3466edc283d929fc183b6"
-SRCREV_meta ?= "fe550a76832d3c144e7af34ab78d5da0dcf092ce"
+SRCREV_machine ?= "4209a548f26ad97f610f6c7acfee7fabe009dd3d"
+SRCREV_meta ?= "da275b53b13faafa834352e3f9dd3f91a2c03bb8"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 0a9b96753c..f02a9c186a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
-SRCREV_meta ?= "fe550a76832d3c144e7af34ab78d5da0dcf092ce"
+SRCREV_machine ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3"
+SRCREV_meta ?= "da275b53b13faafa834352e3f9dd3f91a2c03bb8"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 808561f45a..ca7c4e978a 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,18 +18,18 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "7e5d1df22352c96c1d63d81d59457ff30e82e2d9"
-SRCREV_machine:qemuarm64 ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
-SRCREV_machine:qemuloongarch64 ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
-SRCREV_machine:qemumips ?= "f26493dbcd22b4d89beed4eabdc52d124d59658a"
-SRCREV_machine:qemuppc ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
-SRCREV_machine:qemuriscv64 ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
-SRCREV_machine:qemuriscv32 ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
-SRCREV_machine:qemux86 ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
-SRCREV_machine:qemux86-64 ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
-SRCREV_machine:qemumips64 ?= "1ef0c6554b95984a5fc9e7cd3bb27ab617204149"
-SRCREV_machine ?= "4c1fbbd1c2b7c31e1755cfa83199cdfcb9707832"
-SRCREV_meta ?= "fe550a76832d3c144e7af34ab78d5da0dcf092ce"
+SRCREV_machine:qemuarm ?= "7558103b801174f277373aa9d7d7eedf3a30d5f8"
+SRCREV_machine:qemuarm64 ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3"
+SRCREV_machine:qemuloongarch64 ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3"
+SRCREV_machine:qemumips ?= "cd21dc96adcb1d60ad6cc57446464abf4dd338fc"
+SRCREV_machine:qemuppc ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3"
+SRCREV_machine:qemuriscv64 ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3"
+SRCREV_machine:qemuriscv32 ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3"
+SRCREV_machine:qemux86 ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3"
+SRCREV_machine:qemux86-64 ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3"
+SRCREV_machine:qemumips64 ?= "6700dad2e55f71fea268db201a394b371ffdd78c"
+SRCREV_machine ?= "f71bb11887bae80ab718b3f38f1c1e80c07676a3"
+SRCREV_meta ?= "da275b53b13faafa834352e3f9dd3f91a2c03bb8"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 11/21] python3-requests: cleanup RDEPENDS
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (9 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 10/21] linux-yocto/6.6: fix AMD boot trace Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 12/21] python3-setuptools: drop python3-2to3 from RDEPENDS Steve Sakoman
` (9 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Guðni Már Gilbert <gudni.m.g@gmail.com>
Drop the following dependencies from RDEPENDS:
- python3-ndg-httpsclient
- python3-pyasn1
- python3-pyopenssl
Add a missing dependency into RDEPENDS:
- python3-certifi
Additional fix HOMEPAGE, the old link doesn't work
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/python/python3-requests_2.31.0.bb | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-devtools/python/python3-requests_2.31.0.bb b/meta/recipes-devtools/python/python3-requests_2.31.0.bb
index df48cd54c3..287b4f8eee 100644
--- a/meta/recipes-devtools/python/python3-requests_2.31.0.bb
+++ b/meta/recipes-devtools/python/python3-requests_2.31.0.bb
@@ -1,5 +1,5 @@
SUMMARY = "Python HTTP for Humans."
-HOMEPAGE = "http://python-requests.org"
+HOMEPAGE = "https://requests.readthedocs.io"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
@@ -8,12 +8,10 @@ SRC_URI[sha256sum] = "942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd
inherit pypi setuptools3
RDEPENDS:${PN} += " \
+ python3-certifi \
python3-email \
python3-json \
- python3-ndg-httpsclient \
python3-netserver \
- python3-pyasn1 \
- python3-pyopenssl \
python3-pysocks \
python3-urllib3 \
python3-chardet \
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 12/21] python3-setuptools: drop python3-2to3 from RDEPENDS
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (10 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 11/21] python3-requests: cleanup RDEPENDS Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 13/21] libpam: fix runtime error in pam_pwhistory moudle Steve Sakoman
` (8 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Guðni Már Gilbert <gudni.m.g@gmail.com>
2to3 module was dropped as a dependency in setuptools 58.0
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/python/python3-setuptools_69.1.1.bb | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb b/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb
index 77d4e0aa03..67475b68eb 100644
--- a/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb
+++ b/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb
@@ -16,7 +16,6 @@ SRC_URI[sha256sum] = "5c0806c7d9af348e6dd3777b4f4dbb42c7ad85b190104837488eab9a7c
DEPENDS += "python3"
RDEPENDS:${PN} = "\
- python3-2to3 \
python3-compile \
python3-compression \
python3-ctypes \
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 13/21] libpam: fix runtime error in pam_pwhistory moudle
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (11 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 12/21] python3-setuptools: drop python3-2to3 from RDEPENDS Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 14/21] rng-tools: ignore incompatible-pointer-types errors for now Steve Sakoman
` (7 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Yi Zhao <yi.zhao@windriver.com>
Backport a patch to fix runtime error in pam_pwhistory module when
selinux is enabled:
root@qemux86-64:~# passwd
passwd: System error
passwd: password unchanged
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...x-passing-NULL-filename-argument-to-.patch | 69 +++++++++++++++++++
meta/recipes-extended/pam/libpam_1.5.3.bb | 1 +
2 files changed, 70 insertions(+)
create mode 100644 meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch
diff --git a/meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch b/meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch
new file mode 100644
index 0000000000..23d5646235
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch
@@ -0,0 +1,69 @@
+From 80dc2d410595b5193d32f965185710df27f3984e Mon Sep 17 00:00:00 2001
+From: Md Zain Hasib <hasibm@vmware.com>
+Date: Sat, 29 Jul 2023 11:01:35 +0530
+Subject: [PATCH] pam_pwhistory: fix passing NULL filename argument to
+ pwhistory helper
+
+This change fixes a bug when pwhistory_helper is invoked from
+pam_pwhistory with an NULL filename, pwhistory_helper receives a short
+circuited argc count of 3, ignoring the rest of the arguments passed
+due to filename being NULL. To resolve the issue, an empty string is
+passed in case the filename is empty, which is later changed back to
+NULL in pwhistory_helper so that it can be passed to opasswd to read
+the default opasswd file.
+
+* modules/pam_pwhistory/pam_pwhistory.c (run_save_helper,
+run_check_helper): Replace NULL filename argument with an empty string.
+* modules/pam_pwhistory/pwhistory_helper.c (main): Replace empty string
+filename argument with NULL.
+
+Fixes: 11c35109a67f ("pam_pwhistory: Enable alternate location for password history file (#396)")
+Signed-off-by: Dmitry V. Levin <ldv@strace.io>
+
+Upstream-Status: Backport
+[https://github.com/linux-pam/linux-pam/commit/80dc2d410595b5193d32f965185710df27f3984e]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ modules/pam_pwhistory/pam_pwhistory.c | 4 ++--
+ modules/pam_pwhistory/pwhistory_helper.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c
+index 5a7fb811..98ddffce 100644
+--- a/modules/pam_pwhistory/pam_pwhistory.c
++++ b/modules/pam_pwhistory/pam_pwhistory.c
+@@ -141,7 +141,7 @@ run_save_helper(pam_handle_t *pamh, const char *user,
+ args[0] = (char *)PWHISTORY_HELPER;
+ args[1] = (char *)"save";
+ args[2] = (char *)user;
+- args[3] = (char *)filename;
++ args[3] = (char *)((filename != NULL) ? filename : "");
+ DIAG_POP_IGNORE_CAST_QUAL;
+ if (asprintf(&args[4], "%d", howmany) < 0 ||
+ asprintf(&args[5], "%d", debug) < 0)
+@@ -228,7 +228,7 @@ run_check_helper(pam_handle_t *pamh, const char *user,
+ args[0] = (char *)PWHISTORY_HELPER;
+ args[1] = (char *)"check";
+ args[2] = (char *)user;
+- args[3] = (char *)filename;
++ args[3] = (char *)((filename != NULL) ? filename : "");
+ DIAG_POP_IGNORE_CAST_QUAL;
+ if (asprintf(&args[4], "%d", debug) < 0)
+ {
+diff --git a/modules/pam_pwhistory/pwhistory_helper.c b/modules/pam_pwhistory/pwhistory_helper.c
+index 469d95fa..fb9a1e31 100644
+--- a/modules/pam_pwhistory/pwhistory_helper.c
++++ b/modules/pam_pwhistory/pwhistory_helper.c
+@@ -108,7 +108,7 @@ main(int argc, char *argv[])
+
+ option = argv[1];
+ user = argv[2];
+- filename = argv[3];
++ filename = (argv[3][0] != '\0') ? argv[3] : NULL;
+
+ if (strcmp(option, "check") == 0 && argc == 5)
+ return check_history(user, filename, argv[4]);
+--
+2.25.1
+
diff --git a/meta/recipes-extended/pam/libpam_1.5.3.bb b/meta/recipes-extended/pam/libpam_1.5.3.bb
index 2a53bb4cc5..ef32d19f3d 100644
--- a/meta/recipes-extended/pam/libpam_1.5.3.bb
+++ b/meta/recipes-extended/pam/libpam_1.5.3.bb
@@ -25,6 +25,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
file://run-ptest \
file://pam-volatiles.conf \
file://0001-pam_namespace-include-stdint-h.patch \
+ file://0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch \
"
SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283"
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 14/21] rng-tools: ignore incompatible-pointer-types errors for now
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (12 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 13/21] libpam: fix runtime error in pam_pwhistory moudle Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 15/21] pcmanfm: Disable incompatible-pointer-types warning as error Steve Sakoman
` (6 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
* causes libargp test to fail:
http://errors.yoctoproject.org/Errors/Details/766951/
| configure: error: in '/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/build':
| configure: error: libargp disabled and libc does not have argp
config.log shows:
configure:8424: x86_64-webos-linux-gcc -m64 -march=nehalem -mtune=generic -mfpmath=sse -msse4.2 --sysroot=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/recipe-sysroot -o conftest -O2 -pipe -g -feliminate-unused-debug-types -fcanon-prefix-map -fmacro-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/git=/usr/src/debug/rng-tools/6.16 -fdebug-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/git=/usr/src/debug/rng-tools/6.16 -fmacro-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/build=/usr/src/debug/rng-tools/6.16 -fdebug-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/build=/usr/src/debug/rng-tools/6.16 -fdebug-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/recipe-sysroot= -fmacro-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/recipe-sysroot= -fdebug-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/recipe-sysroot-native= -DJENT_CONF_ENABLE_INTERNAL_TIMER -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fcanon-prefix-map -fmacro-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/git=/usr/src/debug/rng-tools/6.16 -fdebug-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/git=/usr/src/debug/rng-tools/6.16 -fmacro-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/build=/usr/src/debug/rng-tools/6.16 -fdebug-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/build=/usr/src/debug/rng-tools/6.16 -fdebug-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/recipe-sysroot= -fmacro-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/recipe-sysroot= -fdebug-prefix-map=/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/recipe-sysroot-native= conftest.c -ljitterentropy >&5
conftest.c: In function 'main':
conftest.c:51:52: error: passing argument 3 of 'argp_parse' from incompatible pointer type [-Wincompatible-pointer-types]
51 | int argc=1; char *argv={"test"}; argp_parse(0,argc,argv,0,0,0); return 0;
| ^~~~
| |
| char *
In file included from conftest.c:47:
/OE/build/luneos-styhead/tmp-glibc/work/qemux86_64-webos-linux/rng-tools/6.16/recipe-sysroot/usr/include/argp.h:371:58: note: expected 'char ** restrict' but argument is of type 'char *'
371 | int __argc, char **__restrict __argv,
| ~~~~~~~~~~~~~~~~~~^~~~~~
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 78d9cad294f335f6e5b18b0ca790a9e5723f0c41)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/rng-tools/rng-tools_6.16.bb | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-support/rng-tools/rng-tools_6.16.bb b/meta/recipes-support/rng-tools/rng-tools_6.16.bb
index f0aa3ff93f..5b66e3badf 100644
--- a/meta/recipes-support/rng-tools/rng-tools_6.16.bb
+++ b/meta/recipes-support/rng-tools/rng-tools_6.16.bb
@@ -67,3 +67,7 @@ do_install:append() {
${D}${systemd_system_unitdir}/rng-tools.service
fi
}
+
+# libargp detection fails
+# http://errors.yoctoproject.org/Errors/Details/766951/
+CFLAGS += "-Wno-error=incompatible-pointer-types"
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 15/21] pcmanfm: Disable incompatible-pointer-types warning as error
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (13 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 14/21] rng-tools: ignore incompatible-pointer-types errors for now Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 16/21] devtool: ide-sdk: correct help typo Steve Sakoman
` (5 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af1290104b58693df69457454ac2a0d35a7e8c60)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb b/meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb
index 0c5ed5e55e..fc913c86b3 100644
--- a/meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb
+++ b/meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb
@@ -27,6 +27,8 @@ inherit autotools pkgconfig features_check mime-xdg
REQUIRED_DISTRO_FEATURES = "x11"
EXTRA_OECONF = "--with-gtk=3"
+# GCC 14 finds extra incompatible pointer type warnings which are treated as errors
+CFLAGS += "-Wno-error=incompatible-pointer-types"
do_install:append () {
install -d ${D}/${datadir}
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 16/21] devtool: ide-sdk: correct help typo
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (14 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 15/21] pcmanfm: Disable incompatible-pointer-types warning as error Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 17/21] oeqa/selftest/recipetool: Fix for usrmerge in DISTRO_FEATURES Steve Sakoman
` (4 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Antonin Godard <antoningodard@pm.me>
Signed-off-by: Antonin Godard <antoningodard@pm.me>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 50e043387a2f0f9a5c2f7a5f914c465c830d329b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/devtool/ide_sdk.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/lib/devtool/ide_sdk.py b/scripts/lib/devtool/ide_sdk.py
index 7807b322b3..65873b088d 100755
--- a/scripts/lib/devtool/ide_sdk.py
+++ b/scripts/lib/devtool/ide_sdk.py
@@ -1052,7 +1052,7 @@ def register_commands(subparsers, context):
parser_ide_sdk.add_argument(
'-I', '--key', help='Specify ssh private key for connection to the target')
parser_ide_sdk.add_argument(
- '--skip-bitbake', help='Generate IDE configuration but skip calling bibtake to update the SDK.', action='store_true')
+ '--skip-bitbake', help='Generate IDE configuration but skip calling bitbake to update the SDK', action='store_true')
parser_ide_sdk.add_argument(
'-k', '--bitbake-k', help='Pass -k parameter to bitbake', action='store_true')
parser_ide_sdk.add_argument(
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 17/21] oeqa/selftest/recipetool: Fix for usrmerge in DISTRO_FEATURES
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (15 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 16/21] devtool: ide-sdk: correct help typo Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 18/21] oeqa/selftest/devtool: " Steve Sakoman
` (3 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
If usrmerge is in DISTRO_FEATURES, assumptions in one of the tests would
fail. Improve the test so it works in both cases.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68a27d307a7042e242c49cf3d069469f40e09902)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/recipetool.py | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/meta/lib/oeqa/selftest/cases/recipetool.py b/meta/lib/oeqa/selftest/cases/recipetool.py
index aebea42502..126906df50 100644
--- a/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -120,9 +120,15 @@ class RecipetoolAppendTests(RecipetoolBase):
self._try_recipetool_appendfile_fail('/dev/console', self.testfile, ['ERROR: /dev/console cannot be handled by this tool'])
def test_recipetool_appendfile_alternatives(self):
+ lspath = '/bin/ls'
+ dirname = "base_bindir"
+ if "usrmerge" in get_bb_var('DISTRO_FEATURES'):
+ lspath = '/usr/bin/ls'
+ dirname = "bindir"
+
# Now try with a file we know should be an alternative
# (this is very much a fake example, but one we know is reliably an alternative)
- self._try_recipetool_appendfile_fail('/bin/ls', self.testfile, ['ERROR: File /bin/ls is an alternative possibly provided by the following recipes:', 'coreutils', 'busybox'])
+ self._try_recipetool_appendfile_fail(lspath, self.testfile, ['ERROR: File %s is an alternative possibly provided by the following recipes:' % lspath, 'coreutils', 'busybox'])
# Need a test file - should be executable
testfile2 = os.path.join(self.corebase, 'oe-init-build-env')
testfile2name = os.path.basename(testfile2)
@@ -131,12 +137,12 @@ class RecipetoolAppendTests(RecipetoolBase):
'SRC_URI += "file://%s"\n' % testfile2name,
'\n',
'do_install:append() {\n',
- ' install -d ${D}${base_bindir}\n',
- ' install -m 0755 ${WORKDIR}/%s ${D}${base_bindir}/ls\n' % testfile2name,
+ ' install -d ${D}${%s}\n' % dirname,
+ ' install -m 0755 ${WORKDIR}/%s ${D}${%s}/ls\n' % (testfile2name, dirname),
'}\n']
- self._try_recipetool_appendfile('coreutils', '/bin/ls', testfile2, '-r coreutils', expectedlines, [testfile2name])
+ self._try_recipetool_appendfile('coreutils', lspath, testfile2, '-r coreutils', expectedlines, [testfile2name])
# Now try bbappending the same file again, contents should not change
- bbappendfile, _ = self._try_recipetool_appendfile('coreutils', '/bin/ls', self.testfile, '-r coreutils', expectedlines, [testfile2name])
+ bbappendfile, _ = self._try_recipetool_appendfile('coreutils', lspath, self.testfile, '-r coreutils', expectedlines, [testfile2name])
# But file should have
copiedfile = os.path.join(os.path.dirname(bbappendfile), 'coreutils', testfile2name)
result = runCmd('diff -q %s %s' % (testfile2, copiedfile), ignore_status=True)
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 18/21] oeqa/selftest/devtool: Fix for usrmerge in DISTRO_FEATURES
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (16 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 17/21] oeqa/selftest/recipetool: Fix for usrmerge in DISTRO_FEATURES Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 19/21] python3-bcrypt: drop python3-six from RDEPENDS Steve Sakoman
` (2 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
If usrmerge is in DISTRO_FEATURES, assumptions in one of the tests would
fail. Improve the test so it works in both cases.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit afa211746a2aa1993a54cc5a5e1937679341da8e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/devtool.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index 44a2a50f2e..fc08906117 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -1792,6 +1792,8 @@ class DevtoolExtractTests(DevtoolBase):
# Definitions
testrecipe = 'mdadm'
testfile = '/sbin/mdadm'
+ if "usrmerge" in get_bb_var('DISTRO_FEATURES'):
+ testfile = '/usr/sbin/mdadm'
testimage = 'oe-selftest-image'
testcommand = '/sbin/mdadm --help'
# Build an image to run
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 19/21] python3-bcrypt: drop python3-six from RDEPENDS
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (17 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 18/21] oeqa/selftest/devtool: " Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 20/21] python3-pyopenssl: " Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 21/21] curl: locale-base-en-us isn't glibc-specific Steve Sakoman
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Guðni Már Gilbert <gudnimar@noxmedical.com>
Python 2.7 support was dropped in version 3.2.0 and
python3-six dependency was subsequently dropped in version 3.2.1
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 50757cc95b3062f11a7455af33e7a7e74ea1d0f7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb b/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb
index 93fa645f33..57b08b3700 100644
--- a/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb
+++ b/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb
@@ -33,5 +33,4 @@ RDEPENDS:${PN}:class-target += "\
python3-cffi \
python3-ctypes \
python3-shell \
- python3-six \
"
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 20/21] python3-pyopenssl: drop python3-six from RDEPENDS
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (18 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 19/21] python3-bcrypt: drop python3-six from RDEPENDS Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 21/21] curl: locale-base-en-us isn't glibc-specific Steve Sakoman
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Guðni Már Gilbert <gudnimar@noxmedical.com>
Python 2.7 support was dropped in version 22.0.0
python3-six was dropped as a dependency in 22.0.0
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6eab37a0cdcc6071f79aa5c8198df0b2ba23dd7a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb b/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb
index 9ea3075482..116f214bfa 100644
--- a/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb
+++ b/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb
@@ -15,7 +15,6 @@ FILES:${PN}-tests = "${libdir}/${PYTHON_DIR}/site-packages/OpenSSL/test"
RDEPENDS:${PN}:class-target = " \
python3-cryptography \
- python3-six \
python3-threading \
"
RDEPENDS:${PN}-tests = "${PN}"
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 21/21] curl: locale-base-en-us isn't glibc-specific
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (19 preceding siblings ...)
2024-07-04 12:27 ` [OE-core][scarthgap 20/21] python3-pyopenssl: " Steve Sakoman
@ 2024-07-04 12:27 ` Steve Sakoman
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:27 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
The musl-locales package provides this too, so we can depend without a
libc override.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c8f1d51f4eb6df6c041707d38f60549d13ddab7f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/curl/curl_8.7.1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
index c74416d7e9..3fdad6a4cf 100644
--- a/meta/recipes-support/curl/curl_8.7.1.bb
+++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -120,6 +120,7 @@ do_install_ptest() {
RDEPENDS:${PN}-ptest += " \
bash \
+ locale-base-en-us \
perl-module-b \
perl-module-base \
perl-module-cwd \
@@ -135,7 +136,6 @@ RDEPENDS:${PN}-ptest += " \
perl-module-storable \
perl-module-time-hires \
"
-RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us"
PACKAGES =+ "lib${BPN}"
--
2.34.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][scarthgap 00/21] Patch review
@ 2025-11-22 22:14 Steve Sakoman
0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2025-11-22 22:14 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, November 25
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2755
The following changes since commit 471adaa5f77fa3b974eab60a2ded48e360042828:
build-appliance-image: Update to scarthgap head revision (2025-11-17 17:00:25 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Alexander Kanavin (1):
goarch.bbclass: do not leak TUNE_FEATURES into crosssdk task
signatures
Gyorgy Sarvari (2):
musl: patch CVE-2025-26519
glslang: fix compiling with gcc15
Hongxu Jia (1):
spdx30: Provide software_packageUrl field in SPDX 3.0 SBOM
Hugo SIMELIERE (1):
sqlite3: patch CVE-2025-7709
Osama Abdelkader (3):
go: add sdk test
go: extend runtime test
go: remove duplicate arch map in sdk test
Ovidiu Panait (1):
rust-target-config: fix nativesdk-libstd-rs build with baremetal
Peter Marko (4):
spdx30: fix cve status for patch files in VEX
oeqa: fix package detection in go sdk tests
oeqa: drop unnecessary dependency from go runtime tests
oeqa/sdk/buildepoxy: skip test in eSDK
Ross Burton (5):
xserver-xorg: remove redundant patch
xserver-xorg: fix CVE-2025-62229 CVE-2025-62230 CVE-2025-62231
testsdk: allow user to specify which tests to run
oe/sdk: fix empty SDK manifests
lib/oe/go: document map_arch, and raise an error on unknown
architecture
Yogita Urade (3):
xwayland: fix CVE-2025-62229
xwayland: fix CVE-2025-62230
xwayland: fix CVE-2025-62231
meta/classes-recipe/goarch.bbclass | 3 +
.../classes-recipe/rust-target-config.bbclass | 3 +-
meta/classes-recipe/testsdk.bbclass | 3 +
meta/classes/create-spdx-3.0.bbclass | 5 +
meta/lib/oe/go.py | 6 +-
meta/lib/oe/sdk.py | 3 +-
meta/lib/oe/spdx30_tasks.py | 16 ++-
meta/lib/oeqa/files/test.go | 7 ++
meta/lib/oeqa/runtime/cases/go.py | 66 +++++++++++
meta/lib/oeqa/sdk/cases/buildepoxy.py | 4 +
meta/lib/oeqa/sdk/cases/go.py | 107 ++++++++++++++++++
meta/lib/oeqa/sdk/testsdk.py | 3 +-
meta/lib/oeqa/sdkext/testsdk.py | 3 +-
.../musl/musl/CVE-2025-26519-1.patch | 39 +++++++
.../musl/musl/CVE-2025-26519-2.patch | 38 +++++++
meta/recipes-core/musl/musl_git.bb | 4 +-
...uilder.h-add-missing-cstdint-include.patch | 30 +++++
.../glslang/glslang_1.3.275.0.bb | 1 +
...-duplicate-definitions-of-IOPortBase.patch | 28 -----
...after-free-in-present_create_notifie.patch | 91 +++++++++++++++
...ke-the-RT_XKBCLIENT-resource-private.patch | 63 +++++++++++
...KB-resource-when-freeing-XkbInterest.patch | 92 +++++++++++++++
...-Prevent-overflow-in-XkbSetCompatMap.patch | 53 +++++++++
.../xorg-xserver/xserver-xorg_21.1.18.bb | 7 +-
.../xwayland/xwayland/CVE-2025-62229.patch | 89 +++++++++++++++
.../xwayland/CVE-2025-62230-0001.patch | 60 ++++++++++
.../xwayland/CVE-2025-62230-0002.patch | 89 +++++++++++++++
.../xwayland/xwayland/CVE-2025-62231.patch | 50 ++++++++
.../xwayland/xwayland_23.2.5.bb | 4 +
.../sqlite/sqlite3/CVE-2025-7709.patch | 33 ++++++
meta/recipes-support/sqlite/sqlite3_3.45.3.bb | 1 +
31 files changed, 964 insertions(+), 37 deletions(-)
create mode 100644 meta/lib/oeqa/files/test.go
create mode 100644 meta/lib/oeqa/sdk/cases/go.py
create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-2.patch
create mode 100644 meta/recipes-graphics/glslang/glslang/0001-SPIRV-SpvBuilder.h-add-missing-cstdint-include.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-Avoid-duplicate-definitions-of-IOPortBase.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-present-Fix-use-after-free-in-present_create_notifie.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0002-xkb-Make-the-RT_XKBCLIENT-resource-private.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-xkb-Free-the-XKB-resource-when-freeing-XkbInterest.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0004-xkb-Prevent-overflow-in-XkbSetCompatMap.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0001.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0002.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch
create mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2025-7709.patch
--
2.43.0
^ permalink raw reply [flat|nested] 25+ messages in thread
end of thread, other threads:[~2025-11-22 22:14 UTC | newest]
Thread overview: 25+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-07-04 12:26 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 01/21] llvm: Fix CVE-2024-0151 Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 02/21] ruby: Fix CVE-2023-36617 Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 03/21] openssh: fix CVE-2024-6387 Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 04/21] OpenSSL: Security fix for CVE-2024-5535 Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 05/21] QEMU: Fix CVE-2024-3446 & CVE-2024-3567 Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 06/21] gstreamer: upgrade 1.22.11 -> 1.22.12 Steve Sakoman
2024-07-04 12:26 ` [OE-core][scarthgap 07/21] python3-jinja2: Upgrade 3.1.3 -> 3.1.4 Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 08/21] linux-yocto/6.6: update to v6.6.34 Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 09/21] linux-yocto/6.6: update to v6.6.35 Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 10/21] linux-yocto/6.6: fix AMD boot trace Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 11/21] python3-requests: cleanup RDEPENDS Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 12/21] python3-setuptools: drop python3-2to3 from RDEPENDS Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 13/21] libpam: fix runtime error in pam_pwhistory moudle Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 14/21] rng-tools: ignore incompatible-pointer-types errors for now Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 15/21] pcmanfm: Disable incompatible-pointer-types warning as error Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 16/21] devtool: ide-sdk: correct help typo Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 17/21] oeqa/selftest/recipetool: Fix for usrmerge in DISTRO_FEATURES Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 18/21] oeqa/selftest/devtool: " Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 19/21] python3-bcrypt: drop python3-six from RDEPENDS Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 20/21] python3-pyopenssl: " Steve Sakoman
2024-07-04 12:27 ` [OE-core][scarthgap 21/21] curl: locale-base-en-us isn't glibc-specific Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-11-22 22:14 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
2024-06-01 12:24 Steve Sakoman
2024-05-20 13:33 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox