* [OE-core][kirkstone 0/7] Patch review
@ 2022-08-04 14:06 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2022-08-04 14:06 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back
by end of day Sunday.
This should be the almost final set of patches for the 4.0.3 release -
there remains an intermittent linux-yocto reproducibility issue that
needs to get fixed.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4015
The following changes since commit 3564ce3d9b2030dd420362c66147bd327090915c:
initscripts: run umountnfs as a KILL script (2022-07-28 05:32:25 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alex Kiernan (1):
openssh: Add openssh-sftp-server to openssh RDEPENDS
Dmitry Baryshkov (1):
linux-firwmare: restore WHENCE_CHKSUM variable
Khem Raj (1):
libgcc: Fix standalone target builds with usrmerge distro feature
Martin Jansa (1):
kernel.bbclass: pass LD also in savedefconfig
Mingli Yu (1):
strace: set COMPATIBLE_HOST for riscv32
Shruthi Ravichandran (1):
package_manager/ipk: do not pipe stderr to stdout
Sundeep KOKKONDA (1):
binutils: stable 2.38 branch updates
meta/classes/kernel.bbclass | 2 +-
meta/lib/oe/package_manager/ipk/__init__.py | 23 +++++++++++--------
.../openssh/openssh_8.9p1.bb | 2 +-
.../binutils/binutils-2.38.inc | 2 +-
meta/recipes-devtools/gcc/libgcc-common.inc | 8 +++++--
meta/recipes-devtools/strace/strace_5.16.bb | 3 +++
.../linux-firmware/linux-firmware_20220708.bb | 5 +++-
7 files changed, 29 insertions(+), 16 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2023-04-15 15:26 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-04-15 15:26 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5185
The following changes since commit ff4b57ffff903a93b710284c7c7f916ddd74712f:
uninative: Upgrade to 3.9 to include glibc 2.37 (2023-04-04 05:32:01 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Hitendra Prajapati (2):
curl: CVE-2023-27533 TELNET option IAC injection
curl: CVE-2023-27534 SFTP path resolving discrepancy
Joe Slater (1):
go: fix CVE-2022-41724, 41725
Mark Hatle (1):
openssl: Move microblaze to linux-latomic config
Pawan Badganchi (1):
tiff: Add fix for CVE-2022-4645
Peter Marko (1):
package.bbclass: correct check for /build in copydebugsources()
Yash Shinde (1):
binutils : Fix CVE-2023-1579
meta/classes/package.bbclass | 2 +-
.../openssl/openssl_3.0.8.bb | 4 +-
.../binutils/binutils-2.38.inc | 4 +
.../binutils/0021-CVE-2023-1579-1.patch | 459 ++++
.../binutils/0021-CVE-2023-1579-2.patch | 2127 +++++++++++++++
.../binutils/0021-CVE-2023-1579-3.patch | 156 ++
.../binutils/0021-CVE-2023-1579-4.patch | 37 +
meta/recipes-devtools/go/go-1.17.13.inc | 5 +-
.../go/go-1.19/add_godebug.patch | 84 +
.../go/go-1.19/cve-2022-41724.patch | 2391 +++++++++++++++++
.../go/go-1.19/cve-2022-41725.patch | 652 +++++
...-of-TIFFTAG_INKNAMES-and-related-TIF.patch | 5 +-
.../curl/curl/CVE-2023-27533.patch | 208 ++
.../curl/curl/CVE-2023-27534.patch | 122 +
meta/recipes-support/curl/curl_7.82.0.bb | 2 +
15 files changed, 6252 insertions(+), 6 deletions(-)
create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-1.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-2.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-3.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-4.patch
create mode 100644 meta/recipes-devtools/go/go-1.19/add_godebug.patch
create mode 100644 meta/recipes-devtools/go/go-1.19/cve-2022-41724.patch
create mode 100644 meta/recipes-devtools/go/go-1.19/cve-2022-41725.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27533.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27534.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2023-10-30 2:20 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-10-30 2:20 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, October 31
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6115
The following changes since commit 7681436190354b5c5b6c3a82b3094badd81113de:
vim: Upgrade 9.0.2009 -> 9.0.2048 (2023-10-20 06:38:00 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (2):
curl: fix CVE-2023-38545
curl: fix CVE-2023-38546
Fahad Arslan (2):
linux-firmware: create separate package for cirrus and cnm firmwares
linux-firmware: create separate packages
Niko Mauno (1):
package_rpm: Allow compression mode override
Peter Marko (1):
openssl: Upgrade 3.0.11 -> 3.0.12
Steve Sakoman (1):
cve-exclusion_5.10.inc: update for 5.10.197
meta/classes/package_rpm.bbclass | 6 +-
.../{openssl_3.0.11.bb => openssl_3.0.12.bb} | 2 +-
.../linux-firmware/linux-firmware_20230804.bb | 260 +++++++++++++++++-
.../linux/cve-exclusion_5.10.inc | 123 +++++++--
.../curl/curl/CVE-2023-38545.patch | 133 +++++++++
.../curl/curl/CVE-2023-38546.patch | 137 +++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 2 +
7 files changed, 633 insertions(+), 30 deletions(-)
rename meta/recipes-connectivity/openssl/{openssl_3.0.11.bb => openssl_3.0.12.bb} (99%)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38545.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38546.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2023-11-08 22:52 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-11-08 22:52 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, November 10
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6158
The following changes since commit 0eb8e67aa6833df0cde29833568a70e65c21d7e5:
build-appliance-image: Update to kirkstone head revision (2023-11-03 04:27:49 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Narpat Mali (1):
python3-jinja2: Fixed ptest result output as per the standard
Ross Burton (3):
cve-check: sort the package list in the JSON report
cve-check: slightly more verbose warning when adding the same package
twice
cve-check: don't warn if a patch is remote
Sanjana (1):
binutils: Fix CVE-2022-47010
Soumya Sambu (1):
libwebp: Fix CVE-2023-4863
Vijay Anusuri (1):
xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380
meta/classes/cve-check.bbclass | 2 +
meta/lib/oe/cve_check.py | 13 +--
.../binutils/binutils-2.38.inc | 1 +
.../binutils/0032-CVE-2022-47010.patch | 38 +++++++
.../python/python3-jinja2/run-ptest | 2 +-
.../xserver-xorg/CVE-2023-5367.patch | 84 +++++++++++++++
.../xserver-xorg/CVE-2023-5380.patch | 102 ++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 2 +
...23-5129.patch => CVE-2023-4863-0001.patch} | 20 ++--
.../webp/files/CVE-2023-4863-0002.patch | 53 +++++++++
meta/recipes-multimedia/webp/libwebp_1.2.4.bb | 3 +-
11 files changed, 303 insertions(+), 17 deletions(-)
create mode 100644 meta/recipes-devtools/binutils/binutils/0032-CVE-2022-47010.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch
rename meta/recipes-multimedia/webp/files/{CVE-2023-5129.patch => CVE-2023-4863-0001.patch} (97%)
create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-01-17 15:58 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-01-17 15:58 UTC (permalink / raw)
To: openembedded-core
Please reviwe this set of changes for kirkstone and have comments back by
end of day Friday, January 19
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6458
The following changes since commit 8e27f96c0befbbb5cf8a2f7076b7a1ffd79addb6:
linux-firmware: upgrade 20230804 -> 20231030 (2024-01-09 05:50:24 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Hitendra Prajapati (1):
systemd: fix CVE-2023-7008
Martin Jansa (1):
pybootchartgui: fix 2 SyntaxWarnings
Peter Marko (2):
sqlite3: backport patch for CVE-2023-7104
zlib: ignore CVE-2023-6992
Poonam Jadhav (1):
Revert "curl: Backport fix CVE-2023-32001"
Soumya Sambu (1):
cpio: upgrade to 2.14
Vivek Kumbhar (1):
openssl: Backport fix for CVE-2023-6129
.../openssl/openssl/CVE-2023-6129.patch | 113 ++++
.../openssl/openssl_3.0.12.bb | 1 +
.../systemd/systemd/CVE-2023-7008.patch | 40 ++
meta/recipes-core/systemd/systemd_250.5.bb | 1 +
meta/recipes-core/zlib/zlib_1.2.11.bb | 3 +
...charset_alias-when-building-for-musl.patch | 30 -
...ove-superfluous-declaration-of-progr.patch | 28 -
...-calculation-of-CRC-in-copy-out-mode.patch | 58 --
...appending-to-archives-bigger-than-2G.patch | 312 ----------
.../cpio/cpio-2.13/CVE-2021-38185.patch | 581 ------------------
.../cpio/{cpio_2.13.bb => cpio_2.14.bb} | 9 +-
...e-needed-header-for-major-minor-macr.patch | 47 ++
.../curl/curl/CVE-2023-32001.patch | 39 --
meta/recipes-support/curl/curl_7.82.0.bb | 1 -
.../sqlite/files/CVE-2023-7104.patch | 44 ++
meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 +
scripts/pybootchartgui/pybootchartgui/draw.py | 4 +-
17 files changed, 254 insertions(+), 1058 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch
delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch
delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0003-Fix-calculation-of-CRC-in-copy-out-mode.patch
delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0004-Fix-appending-to-archives-bigger-than-2G.patch
delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch
rename meta/recipes-extended/cpio/{cpio_2.13.bb => cpio_2.14.bb} (74%)
create mode 100644 meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch
delete mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2023-7104.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-02-06 15:45 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-02-06 15:45 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, February 8
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6539
The following changes since commit 60d88989698968c13f8e641f0ba1a82fcf700fb7:
image-live.bbclass: LIVE_ROOTFS_TYPE support compression (2024-01-30 07:10:42 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Deepthi Hemraj (4):
binutils: internal gdb: Fix CVE-2023-39129
binutils: internal gdb: Fix CVE-2023-39130
gdb: Fix CVE-2023-39129
gdb: Fix CVE-2023-39130
Peter Marko (3):
curl: ignore CVE-2023-42915
gcc-shared-source: ignore CVE-2023-4039
openssl: Upgrade 3.0.12 -> 3.0.13
.../openssl/openssl/CVE-2023-5678.patch | 180 ----------
.../openssl/openssl/CVE-2023-6129.patch | 113 ------
.../openssl/openssl/CVE-2023-6237.patch | 127 -------
.../{openssl_3.0.12.bb => openssl_3.0.13.bb} | 6 +-
.../binutils/binutils-2.38.inc | 2 +
.../binutils/0035-CVE-2023-39129.patch | 50 +++
.../binutils/0036-CVE-2023-39130.patch | 326 ++++++++++++++++++
.../gcc/gcc-shared-source.inc | 3 +
meta/recipes-devtools/gdb/gdb.inc | 2 +
.../gdb/gdb/0012-CVE-2023-39129.patch | 50 +++
.../gdb/gdb/0013-CVE-2023-39130.patch | 326 ++++++++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 3 +
12 files changed, 764 insertions(+), 424 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.12.bb => openssl_3.0.13.bb} (97%)
create mode 100644 meta/recipes-devtools/binutils/binutils/0035-CVE-2023-39129.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0036-CVE-2023-39130.patch
create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39129.patch
create mode 100644 meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-04-17 20:35 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-04-17 20:35 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, April 19
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6817
The following changes since commit f94c74cee8b2650dd3211a49dc7e88bf60d2e6a7:
tcl: skip async and event tests in run-ptest (2024-04-16 05:00:24 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Harish Sadineni (1):
rust: add CVE_CHECK_IGNORE for CVE-2024-24576
Meenali Gupta (1):
libssh2: fix CVE-2023-48795
Poonam Jadhav (1):
ppp: Add RSA-MD in LICENSE
Sana Kazi (1):
systemd: Fix vlan qos mapping
Soumya Sambu (1):
nghttp2: Fix CVE-2024-28182
Steve Sakoman (1):
valgrind: skip intermittently failing ptest
Yogita Urade (1):
ruby: fix CVE-2024-27281
meta/recipes-connectivity/ppp/ppp_2.4.9.bb | 2 +-
.../systemd/fix-vlan-qos-mapping.patch | 140 ++++++
meta/recipes-core/systemd/systemd_250.5.bb | 1 +
.../ruby/ruby/CVE-2024-27281.patch | 97 ++++
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 +
meta/recipes-devtools/rust/rust-source.inc | 3 +
.../valgrind/valgrind/remove-for-all | 2 +
.../libssh2/libssh2/CVE-2023-48795.patch | 459 ++++++++++++++++++
.../recipes-support/libssh2/libssh2_1.10.0.bb | 1 +
.../nghttp2/nghttp2/CVE-2024-28182-0001.patch | 110 +++++
.../nghttp2/nghttp2/CVE-2024-28182-0002.patch | 105 ++++
.../recipes-support/nghttp2/nghttp2_1.47.0.bb | 2 +
12 files changed, 922 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-core/systemd/systemd/fix-vlan-qos-mapping.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch
create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch
create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2024-28182-0001.patch
create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2024-28182-0002.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-05-30 18:37 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-05-30 18:37 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirktsone and have comments back by
end of day Saturday, June 1
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6984
The following changes since commit e0a1ed7aa1f2b12d985414db9a75d6e151ae8d21:
initscripts: Add custom mount args for /var/lib (2024-05-22 05:07:30 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (5):
ghostscript: fix CVE-2024-33870
ghostscript: fix CVE-2024-33869
ghostscript: fix CVE-2024-33871
ghostscript: fix CVE-2024-29510
ghostscript: fix CVE-2023-52722
Soumya Sambu (2):
util-linux: Fix CVE-2024-28085
git: Fix multiple CVEs
meta/recipes-core/util-linux/util-linux.inc | 5 +
.../util-linux/CVE-2024-28085-0001.patch | 202 +
.../util-linux/CVE-2024-28085-0002.patch | 172 +
.../util-linux/CVE-2024-28085-0003.patch | 223 +
.../util-linux/CVE-2024-28085-0004.patch | 36 +
.../util-linux/CVE-2024-28085-0005.patch | 34 +
.../git/git/CVE-2024-32002-0001.patch | 69 +
.../git/git/CVE-2024-32002-0002.patch | 213 +
.../git/git/CVE-2024-32002-0003.patch | 141 +
.../git/git/CVE-2024-32002-0004.patch | 150 +
.../git/git/CVE-2024-32004-0001.patch | 95 +
.../git/git/CVE-2024-32004-0002.patch | 187 +
.../git/git/CVE-2024-32004-0003.patch | 158 +
.../git/git/CVE-2024-32020.patch | 114 +
.../git/git/CVE-2024-32021-0001.patch | 89 +
.../git/git/CVE-2024-32021-0002.patch | 65 +
.../git/git/CVE-2024-32465.patch | 206 +
meta/recipes-devtools/git/git_2.35.7.bb | 11 +
.../ghostscript/CVE-2023-52722.patch | 43 +
.../ghostscript/CVE-2024-29510.patch | 84 +
.../ghostscript/CVE-2024-33869-0001.patch | 39 +
.../ghostscript/CVE-2024-33869-0002.patch | 52 +
.../ghostscript/CVE-2024-33870.patch | 92 +
.../ghostscript/CVE-2024-33871-0001.patch | 4863 +++++++++++++++++
.../ghostscript/CVE-2024-33871-0002.patch | 43 +
.../ghostscript/ghostscript_9.55.0.bb | 7 +
26 files changed, 7393 insertions(+)
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0001.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0002.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0003.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0004.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0005.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0001.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0002.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0003.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0004.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32004-0001.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32004-0002.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32004-0003.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32020.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32021-0001.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32021-0002.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32465.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-52722.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871-0001.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871-0002.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-07-04 12:32 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:32 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Monday, July 8
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7103
The following changes since commit fbc8f5381e8e1da0d06f7f8e5b8c63a49b1858c2:
man-pages: remove conflict pages (2024-06-21 12:37:32 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (1):
gstreamer1.0-plugins-base: fix CVE-2024-4453
Jonas Gorski (1):
linuxloader: add -armhf on arm only for TARGET_FPU 'hard'
Jose Quaresma (1):
openssh: fix CVE-2024-6387
Poonam Jadhav (2):
glibc-tests: correctly pull in the actual tests when installing -ptest
package
glibc-tests: Add missing bash ptest dependency
Siddharth Doshi (1):
OpenSSL: Security fix for CVE-2024-5535
Vijay Anusuri (1):
wget: Fix for CVE-2024-38428
meta/classes/linuxloader.bbclass | 2 +-
.../openssh/openssh/CVE-2024-6387.patch | 27 +
.../openssh/openssh_8.9p1.bb | 1 +
.../openssl/openssl/CVE-2024-5535_1.patch | 115 ++
.../openssl/openssl/CVE-2024-5535_2.patch | 44 +
.../openssl/openssl/CVE-2024-5535_3.patch | 84 ++
.../openssl/openssl/CVE-2024-5535_4.patch | 178 +++
.../openssl/openssl/CVE-2024-5535_5.patch | 1175 +++++++++++++++++
.../openssl/openssl/CVE-2024-5535_6.patch | 45 +
.../openssl/openssl/CVE-2024-5535_7.patch | 68 +
.../openssl/openssl/CVE-2024-5535_8.patch | 273 ++++
.../openssl/openssl/CVE-2024-5535_9.patch | 205 +++
.../openssl/openssl_3.0.14.bb | 9 +
meta/recipes-core/glibc/glibc-tests_2.35.bb | 4 +-
meta/recipes-core/glibc/glibc/run-ptest | 2 +-
.../wget/wget/CVE-2024-38428.patch | 79 ++
meta/recipes-extended/wget/wget_1.21.4.bb | 1 +
.../CVE-2024-4453.patch | 65 +
.../gstreamer1.0-plugins-base_1.20.7.bb | 1 +
19 files changed, 2374 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch
create mode 100644 meta/recipes-extended/wget/wget/CVE-2024-38428.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-4453.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-08-30 12:52 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-08-30 12:52 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, September 3
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7295
The following changes since commit 963085afced737863cf4ff8515a1cf08365d5d87:
libsoup: fix compile error on centos7 (2024-08-23 14:34:03 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Divya Chellam (1):
bind: Upgrade 9.18.24 -> 9.18.28
Hitendra Prajapati (1):
vim: upgrade from 9.0.2190 -> 9.1.0114
Hugo SIMELIERE (1):
cryptodev-module: Fix build for linux 5.10.220
Ming Liu (1):
grub: fs/fat: Don't error when mtime is 0
Peter Marko (2):
libyaml: Ignore CVE-2024-35325
curl: Ignore CVE-2024-32928
Siddharth Doshi (1):
vim: Upgrade 9.1.0114 -> 9.1.0682
...1-fs-fat-Don-t-error-when-mtime-is-0.patch | 70 +++++++++++++++++++
meta/recipes-bsp/grub/grub2.inc | 1 +
.../bind/{bind_9.18.24.bb => bind_9.18.28.bb} | 2 +-
.../cryptodev/cryptodev-module_1.12.bb | 1 +
.../0001-Fix-build-for-linux-5.10.220.patch | 32 +++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 2 +
meta/recipes-support/libyaml/libyaml_0.2.5.bb | 2 +
...m-add-knob-whether-elf.h-are-checked.patch | 39 -----------
.../vim/{vim-tiny_9.0.bb => vim-tiny_9.1.bb} | 0
meta/recipes-support/vim/vim.inc | 5 +-
.../vim/{vim_9.0.bb => vim_9.1.bb} | 0
11 files changed, 111 insertions(+), 43 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/0001-fs-fat-Don-t-error-when-mtime-is-0.patch
rename meta/recipes-connectivity/bind/{bind_9.18.24.bb => bind_9.18.28.bb} (97%)
create mode 100644 meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-linux-5.10.220.patch
delete mode 100644 meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
rename meta/recipes-support/vim/{vim-tiny_9.0.bb => vim-tiny_9.1.bb} (100%)
rename meta/recipes-support/vim/{vim_9.0.bb => vim_9.1.bb} (100%)
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2024-12-11 14:47 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2024-12-11 14:47 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, December 13
Passed a-full on autobuilder:
https://valkyrie.yoctoproject.org/#/builders/29/builds/615
The following changes since commit e42b6a40a3a01e328966bb5ee1bb3e0993975b15:
resulttool: Improve repo layout for oeselftest results (2024-12-04 05:50:49 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (1):
dbus: disable assertions and enable only modular tests
Divya Chellam (1):
libpam: fix CVE-2024-10041
Jiaying Song (1):
python3-requests: fix CVE-2024-35195
Khem Raj (1):
unzip: Fix configure tests to use modern C
Peter Marko (2):
libsdl2: ignore CVE-2020-14409 and CVE-2020-14410
rootfs-postcommands.bbclass: make opkg status reproducible
Ross Burton (1):
sanity: check for working user namespaces
meta/classes/rootfs-postcommands.bbclass | 4 +
meta/classes/sanity.bbclass | 24 ++++
meta/recipes-core/dbus/dbus_1.14.8.bb | 3 +-
.../python3-requests/CVE-2024-35195.patch | 121 ++++++++++++++++++
.../python/python3-requests_2.27.1.bb | 4 +-
.../pam/libpam/CVE-2024-10041.patch | 98 ++++++++++++++
meta/recipes-extended/pam/libpam_1.5.2.bb | 1 +
...rrect-system-headers-and-prototypes-.patch | 112 ++++++++++++++++
meta/recipes-extended/unzip/unzip_6.0.bb | 1 +
.../libsdl2/libsdl2_2.0.20.bb | 3 +
10 files changed, 368 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-devtools/python/python3-requests/CVE-2024-35195.patch
create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-10041.patch
create mode 100644 meta/recipes-extended/unzip/unzip/0001-configure-Add-correct-system-headers-and-prototypes-.patch
--
2.34.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2025-02-12 14:21 Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 1/7] go: Fix CVE-2024-45336 Steve Sakoman
` (6 more replies)
0 siblings, 7 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-02-12 14:21 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, February 14
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1001
The following changes since commit a397c152abf4f3da1323594e79ebac844a2c9f45:
glibc: stable 2.35 branch updates (2025-01-30 08:17:32 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Bruce Ashfield (2):
linux-yocto/5.15: update to v5.15.176
linux-yocto/5.15: update to v5.15.178
Khem Raj (1):
python3: Treat UID/GID overflow as failure
Nikhil R (1):
glibc: Suppress GCC -Os warning on user2netname for sunrpc
Pedro Ferreira (1):
rust-common.bbclass: soft assignment for RUSTLIB path
Peter Marko (1):
cmake: apply parallel build settings to ptest tasks
Praveen Kumar (1):
go: Fix CVE-2024-45336
meta/classes/cmake.bbclass | 2 +
meta/classes/rust-common.bbclass | 2 +-
...press-gcc-os-warning-on-user2netname.patch | 61 +++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.21/CVE-2024-45336.patch | 394 ++++++++++++++++++
...e-treat-overflow-in-UID-GID-as-failu.patch | 40 ++
.../python/python3_3.10.16.bb | 1 +
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
11 files changed, 520 insertions(+), 20 deletions(-)
create mode 100644 meta/recipes-core/glibc/glibc/0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2024-45336.patch
create mode 100644 meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
--
2.43.0
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 1/7] go: Fix CVE-2024-45336
2025-02-12 14:21 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
@ 2025-02-12 14:21 ` Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 2/7] linux-yocto/5.15: update to v5.15.176 Steve Sakoman
` (5 subsequent siblings)
6 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-02-12 14:21 UTC (permalink / raw)
To: openembedded-core
From: Praveen Kumar <praveen.kumar@windriver.com>
The HTTP client drops sensitive headers after following a cross-domain redirect.
For example, a request to a.com/ containing an Authorization header which is redirected to
b.com/ will not send that header to b.com. In the event that the client received a subsequent
same-domain redirect, however, the sensitive headers would be restored. For example, a chain
of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the
Authorization header to b.com/2.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-45336
Upstream-patch:
https://github.com/golang/go/commit/b72d56f98d6620ebe07626dca4bb67ea8e185379
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.21/CVE-2024-45336.patch | 394 ++++++++++++++++++
2 files changed, 395 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2024-45336.patch
diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc
index c483590931..34ad70572f 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -61,6 +61,7 @@ SRC_URI += "\
file://CVE-2024-34155.patch \
file://CVE-2024-34156.patch \
file://CVE-2024-34158.patch \
+ file://CVE-2024-45336.patch \
"
SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
diff --git a/meta/recipes-devtools/go/go-1.21/CVE-2024-45336.patch b/meta/recipes-devtools/go/go-1.21/CVE-2024-45336.patch
new file mode 100644
index 0000000000..3755bb1b57
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.21/CVE-2024-45336.patch
@@ -0,0 +1,394 @@
+From b72d56f98d6620ebe07626dca4bb67ea8e185379 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Fri, 22 Nov 2024 12:34:11 -0800
+Subject: [PATCH] net/http: persist header stripping across repeated redirects
+
+When an HTTP redirect changes the host of a request, we drop
+sensitive headers such as Authorization from the redirected request.
+Fix a bug where a chain of redirects could result in sensitive
+headers being sent to the wrong host:
+
+ 1. request to a.tld with Authorization header
+ 2. a.tld redirects to b.tld
+ 3. request to b.tld with no Authorization header
+ 4. b.tld redirects to b.tld
+ 3. request to b.tld with Authorization header restored
+
+Thanks to Kyle Seely for reporting this issue.
+
+Fixes #70530
+For #71210
+Fixes CVE-2024-45336
+
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1641
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
+Commit-Queue: Roland Shoemaker <bracewell@google.com>
+Change-Id: Id7b1e3c90345566b8ee1a51f65dbb179da6eb427
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1765
+Reviewed-on: https://go-review.googlesource.com/c/go/+/643106
+Reviewed-by: Michael Pratt <mpratt@google.com>
+LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+Auto-Submit: Michael Knyszek <mknyszek@google.com>
+
+CVE: CVE-2024-45336
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/b72d56f98d6620ebe07626dca4bb67ea8e185379]
+
+Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
+---
+ src/net/http/client.go | 65 +++++++-------
+ src/net/http/client_test.go | 98 +++++++++++++++++-----
+ src/net/http/internal/testcert/testcert.go | 84 +++++++++----------
+ 3 files changed, 153 insertions(+), 94 deletions(-)
+
+diff --git a/src/net/http/client.go b/src/net/http/client.go
+index b2dd445..13b6152 100644
+--- a/src/net/http/client.go
++++ b/src/net/http/client.go
+@@ -615,8 +615,9 @@ func (c *Client) do(req *Request) (retres *Response, reterr error) {
+ reqBodyClosed = false // have we closed the current req.Body?
+
+ // Redirect behavior:
+- redirectMethod string
+- includeBody bool
++ redirectMethod string
++ includeBody = true
++ stripSensitiveHeaders = false
+ )
+ uerr := func(err error) error {
+ // the body may have been closed already by c.send()
+@@ -681,7 +682,12 @@ func (c *Client) do(req *Request) (retres *Response, reterr error) {
+ // in case the user set Referer on their first request.
+ // If they really want to override, they can do it in
+ // their CheckRedirect func.
+- copyHeaders(req)
++ if !stripSensitiveHeaders && reqs[0].URL.Host != req.URL.Host {
++ if !shouldCopyHeaderOnRedirect(reqs[0].URL, req.URL) {
++ stripSensitiveHeaders = true
++ }
++ }
++ copyHeaders(req, stripSensitiveHeaders)
+
+ // Add the Referer header from the most recent
+ // request URL to the new one, if it's not https->http:
+@@ -747,7 +753,7 @@ func (c *Client) do(req *Request) (retres *Response, reterr error) {
+ // makeHeadersCopier makes a function that copies headers from the
+ // initial Request, ireq. For every redirect, this function must be called
+ // so that it can copy headers into the upcoming Request.
+-func (c *Client) makeHeadersCopier(ireq *Request) func(*Request) {
++func (c *Client) makeHeadersCopier(ireq *Request) func(req *Request, stripSensitiveHeaders bool) {
+ // The headers to copy are from the very initial request.
+ // We use a closured callback to keep a reference to these original headers.
+ var (
+@@ -761,8 +767,7 @@ func (c *Client) makeHeadersCopier(ireq *Request) func(*Request) {
+ }
+ }
+
+- preq := ireq // The previous request
+- return func(req *Request) {
++ return func(req *Request, stripSensitiveHeaders bool) {
+ // If Jar is present and there was some initial cookies provided
+ // via the request header, then we may need to alter the initial
+ // cookies as we follow redirects since each redirect may end up
+@@ -799,12 +804,15 @@ func (c *Client) makeHeadersCopier(ireq *Request) func(*Request) {
+ // Copy the initial request's Header values
+ // (at least the safe ones).
+ for k, vv := range ireqhdr {
+- if shouldCopyHeaderOnRedirect(k, preq.URL, req.URL) {
++ sensitive := false
++ switch CanonicalHeaderKey(k) {
++ case "Authorization", "Www-Authenticate", "Cookie", "Cookie2":
++ sensitive = true
++ }
++ if !(sensitive && stripSensitiveHeaders) {
+ req.Header[k] = vv
+ }
+ }
+-
+- preq = req // Update previous Request with the current request
+ }
+ }
+
+@@ -983,28 +991,23 @@ func (b *cancelTimerBody) Close() error {
+ return err
+ }
+
+-func shouldCopyHeaderOnRedirect(headerKey string, initial, dest *url.URL) bool {
+- switch CanonicalHeaderKey(headerKey) {
+- case "Authorization", "Www-Authenticate", "Cookie", "Cookie2":
+- // Permit sending auth/cookie headers from "foo.com"
+- // to "sub.foo.com".
+-
+- // Note that we don't send all cookies to subdomains
+- // automatically. This function is only used for
+- // Cookies set explicitly on the initial outgoing
+- // client request. Cookies automatically added via the
+- // CookieJar mechanism continue to follow each
+- // cookie's scope as set by Set-Cookie. But for
+- // outgoing requests with the Cookie header set
+- // directly, we don't know their scope, so we assume
+- // it's for *.domain.com.
+-
+- ihost := canonicalAddr(initial)
+- dhost := canonicalAddr(dest)
+- return isDomainOrSubdomain(dhost, ihost)
+- }
+- // All other headers are copied:
+- return true
++func shouldCopyHeaderOnRedirect(initial, dest *url.URL) bool {
++ // Permit sending auth/cookie headers from "foo.com"
++ // to "sub.foo.com".
++
++ // Note that we don't send all cookies to subdomains
++ // automatically. This function is only used for
++ // Cookies set explicitly on the initial outgoing
++ // client request. Cookies automatically added via the
++ // CookieJar mechanism continue to follow each
++ // cookie's scope as set by Set-Cookie. But for
++ // outgoing requests with the Cookie header set
++ // directly, we don't know their scope, so we assume
++ // it's for *.domain.com.
++
++ ihost := canonicalAddr(initial)
++ dhost := canonicalAddr(dest)
++ return isDomainOrSubdomain(dhost, ihost)
+ }
+
+ // isDomainOrSubdomain reports whether sub is a subdomain (or exact
+diff --git a/src/net/http/client_test.go b/src/net/http/client_test.go
+index 7a0aa53..8bf1808 100644
+--- a/src/net/http/client_test.go
++++ b/src/net/http/client_test.go
+@@ -1551,6 +1551,54 @@ func TestClientCopyHeadersOnRedirect(t *testing.T) {
+ t.Errorf("result = %q; want ok", got)
+ }
+ }
++// Issue #70530: Once we strip a header on a redirect to a different host,
++// the header should stay stripped across any further redirects.
++func TestClientStripHeadersOnRepeatedRedirect(t *testing.T) {
++ run(t, testClientStripHeadersOnRepeatedRedirect)
++}
++func testClientStripHeadersOnRepeatedRedirect(t *testing.T, mode testMode) {
++ var proto string
++ ts := newClientServerTest(t, mode, HandlerFunc(func(w ResponseWriter, r *Request) {
++ if r.Host+r.URL.Path != "a.example.com/" {
++ if h := r.Header.Get("Authorization"); h != "" {
++ t.Errorf("on request to %v%v, Authorization=%q, want no header", r.Host, r.URL.Path, h)
++ }
++ }
++ // Follow a chain of redirects from a to b and back to a.
++ // The Authorization header is stripped on the first redirect to b,
++ // and stays stripped even if we're sent back to a.
++ switch r.Host + r.URL.Path {
++ case "a.example.com/":
++ Redirect(w, r, proto+"://b.example.com/", StatusFound)
++ case "b.example.com/":
++ Redirect(w, r, proto+"://b.example.com/redirect", StatusFound)
++ case "b.example.com/redirect":
++ Redirect(w, r, proto+"://a.example.com/redirect", StatusFound)
++ case "a.example.com/redirect":
++ w.Header().Set("X-Done", "true")
++ default:
++ t.Errorf("unexpected request to %v", r.URL)
++ }
++ })).ts
++ proto, _, _ = strings.Cut(ts.URL, ":")
++
++ c := ts.Client()
++ c.Transport.(*Transport).Dial = func(_ string, _ string) (net.Conn, error) {
++ return net.Dial("tcp", ts.Listener.Addr().String())
++ }
++
++ req, _ := NewRequest("GET", proto+"://a.example.com/", nil)
++ req.Header.Add("Cookie", "foo=bar")
++ req.Header.Add("Authorization", "secretpassword")
++ res, err := c.Do(req)
++ if err != nil {
++ t.Fatal(err)
++ }
++ defer res.Body.Close()
++ if res.Header.Get("X-Done") != "true" {
++ t.Fatalf("response missing expected header: X-Done=true")
++ }
++}
+
+ // Issue 22233: copy host when Client follows a relative redirect.
+ func TestClientCopyHostOnRedirect(t *testing.T) {
+@@ -1716,31 +1764,39 @@ func TestClientAltersCookiesOnRedirect(t *testing.T) {
+ // Part of Issue 4800
+ func TestShouldCopyHeaderOnRedirect(t *testing.T) {
+ tests := []struct {
+- header string
+ initialURL string
+ destURL string
+ want bool
+ }{
+- {"User-Agent", "http://foo.com/", "http://bar.com/", true},
+- {"X-Foo", "http://foo.com/", "http://bar.com/", true},
+-
+ // Sensitive headers:
+- {"cookie", "http://foo.com/", "http://bar.com/", false},
+- {"cookie2", "http://foo.com/", "http://bar.com/", false},
+- {"authorization", "http://foo.com/", "http://bar.com/", false},
+- {"www-authenticate", "http://foo.com/", "http://bar.com/", false},
+- {"authorization", "http://foo.com/", "http://[::1%25.foo.com]/", false},
++ {"http://foo.com/", "http://bar.com/", false},
++ {"http://foo.com/", "http://bar.com/", false},
++ {"http://foo.com/", "http://bar.com/", false},
++ {"http://foo.com/", "https://foo.com/", true},
++ {"http://foo.com:1234/", "http://foo.com:4321/", true},
++ {"http://foo.com/", "http://bar.com/", false},
++ {"http://foo.com/", "http://[::1%25.foo.com]/", false},
+
+ // But subdomains should work:
+- {"www-authenticate", "http://foo.com/", "http://foo.com/", true},
+- {"www-authenticate", "http://foo.com/", "http://sub.foo.com/", true},
+- {"www-authenticate", "http://foo.com/", "http://notfoo.com/", false},
+- {"www-authenticate", "http://foo.com/", "https://foo.com/", false},
+- {"www-authenticate", "http://foo.com:80/", "http://foo.com/", true},
+- {"www-authenticate", "http://foo.com:80/", "http://sub.foo.com/", true},
+- {"www-authenticate", "http://foo.com:443/", "https://foo.com/", true},
+- {"www-authenticate", "http://foo.com:443/", "https://sub.foo.com/", true},
+- {"www-authenticate", "http://foo.com:1234/", "http://foo.com/", false},
++ {"http://foo.com/", "http://foo.com/", true},
++ {"http://foo.com/", "http://sub.foo.com/", true},
++ {"http://foo.com/", "http://notfoo.com/", false},
++ {"http://foo.com/", "https://foo.com/", true},
++ {"http://foo.com:80/", "http://foo.com/", true},
++ {"http://foo.com:80/", "http://sub.foo.com/", true},
++ {"http://foo.com:443/", "https://foo.com/", true},
++ {"http://foo.com:443/", "https://sub.foo.com/", true},
++ {"http://foo.com:1234/", "http://foo.com/", true},
++
++ {"http://foo.com/", "http://foo.com/", true},
++ {"http://foo.com/", "http://sub.foo.com/", true},
++ {"http://foo.com/", "http://notfoo.com/", false},
++ {"http://foo.com/", "https://foo.com/", true},
++ {"http://foo.com:80/", "http://foo.com/", true},
++ {"http://foo.com:80/", "http://sub.foo.com/", true},
++ {"http://foo.com:443/", "https://foo.com/", true},
++ {"http://foo.com:443/", "https://sub.foo.com/", true},
++ {"http://foo.com:1234/", "http://foo.com/", true},
+ }
+ for i, tt := range tests {
+ u0, err := url.Parse(tt.initialURL)
+@@ -1753,10 +1809,10 @@ func TestShouldCopyHeaderOnRedirect(t *testing.T) {
+ t.Errorf("%d. dest URL %q parse error: %v", i, tt.destURL, err)
+ continue
+ }
+- got := Export_shouldCopyHeaderOnRedirect(tt.header, u0, u1)
++ got := Export_shouldCopyHeaderOnRedirect(u0, u1)
+ if got != tt.want {
+- t.Errorf("%d. shouldCopyHeaderOnRedirect(%q, %q => %q) = %v; want %v",
+- i, tt.header, tt.initialURL, tt.destURL, got, tt.want)
++ t.Errorf("%d. shouldCopyHeaderOnRedirect(%q => %q) = %v; want %v",
++ i, tt.initialURL, tt.destURL, got, tt.want)
+ }
+ }
+ }
+diff --git a/src/net/http/internal/testcert/testcert.go b/src/net/http/internal/testcert/testcert.go
+index d510e79..78ce42e 100644
+--- a/src/net/http/internal/testcert/testcert.go
++++ b/src/net/http/internal/testcert/testcert.go
+@@ -10,56 +10,56 @@ import "strings"
+ // LocalhostCert is a PEM-encoded TLS cert with SAN IPs
+ // "127.0.0.1" and "[::1]", expiring at Jan 29 16:00:00 2084 GMT.
+ // generated from src/crypto/tls:
+-// go run generate_cert.go --rsa-bits 2048 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
++// go run generate_cert.go --rsa-bits 2048 --host 127.0.0.1,::1,example.com,*.example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
+ var LocalhostCert = []byte(`-----BEGIN CERTIFICATE-----
+-MIIDOTCCAiGgAwIBAgIQSRJrEpBGFc7tNb1fb5pKFzANBgkqhkiG9w0BAQsFADAS
++MIIDSDCCAjCgAwIBAgIQEP/md970HysdBTpuzDOf0DANBgkqhkiG9w0BAQsFADAS
+ MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
+ MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+-MIIBCgKCAQEA6Gba5tHV1dAKouAaXO3/ebDUU4rvwCUg/CNaJ2PT5xLD4N1Vcb8r
+-bFSW2HXKq+MPfVdwIKR/1DczEoAGf/JWQTW7EgzlXrCd3rlajEX2D73faWJekD0U
+-aUgz5vtrTXZ90BQL7WvRICd7FlEZ6FPOcPlumiyNmzUqtwGhO+9ad1W5BqJaRI6P
+-YfouNkwR6Na4TzSj5BrqUfP0FwDizKSJ0XXmh8g8G9mtwxOSN3Ru1QFc61Xyeluk
+-POGKBV/q6RBNklTNe0gI8usUMlYyoC7ytppNMW7X2vodAelSu25jgx2anj9fDVZu
+-h7AXF5+4nJS4AAt0n1lNY7nGSsdZas8PbQIDAQABo4GIMIGFMA4GA1UdDwEB/wQE
++MIIBCgKCAQEAxcl69ROJdxjN+MJZnbFrYxyQooADCsJ6VDkuMyNQIix/Hk15Nk/u
++FyBX1Me++aEpGmY3RIY4fUvELqT/srvAHsTXwVVSttMcY8pcAFmXSqo3x4MuUTG/
++jCX3Vftj0r3EM5M8ImY1rzA/jqTTLJg00rD+DmuDABcqQvoXw/RV8w1yTRi5BPoH
++DFD/AWTt/YgMvk1l2Yq/xI8VbMUIpjBoGXxWsSevQ5i2s1mk9/yZzu0Ysp1tTlzD
++qOPa4ysFjBitdXiwfxjxtv5nXqOCP5rheKO0sWLk0fetMp1OV5JSJMAJw6c2ZMkl
++U2WMqAEpRjdE/vHfIuNg+yGaRRqI07NZRQIDAQABo4GXMIGUMA4GA1UdDwEB/wQE
+ AwICpDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+-DgQWBBStsdjh3/JCXXYlQryOrL4Sh7BW5TAuBgNVHREEJzAlggtleGFtcGxlLmNv
+-bYcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAxWGI
+-5NhpF3nwwy/4yB4i/CwwSpLrWUa70NyhvprUBC50PxiXav1TeDzwzLx/o5HyNwsv
+-cxv3HdkLW59i/0SlJSrNnWdfZ19oTcS+6PtLoVyISgtyN6DpkKpdG1cOkW3Cy2P2
+-+tK/tKHRP1Y/Ra0RiDpOAmqn0gCOFGz8+lqDIor/T7MTpibL3IxqWfPrvfVRHL3B
+-grw/ZQTTIVjjh4JBSW3WyWgNo/ikC1lrVxzl4iPUGptxT36Cr7Zk2Bsg0XqwbOvK
+-5d+NTDREkSnUbie4GeutujmX3Dsx88UiV6UY/4lHJa6I5leHUNOHahRbpbWeOfs/
+-WkBKOclmOV2xlTVuPw==
++DgQWBBQR5QIzmacmw78ZI1C4MXw7Q0wJ1jA9BgNVHREENjA0ggtleGFtcGxlLmNv
++bYINKi5leGFtcGxlLmNvbYcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG
++9w0BAQsFAAOCAQEACrRNgiioUDzxQftd0fwOa6iRRcPampZRDtuaF68yNHoNWbOu
++LUwc05eOWxRq3iABGSk2xg+FXM3DDeW4HhAhCFptq7jbVZ+4Jj6HeJG9mYRatAxR
++Y/dEpa0D0EHhDxxVg6UzKOXB355n0IetGE/aWvyTV9SiDs6QsaC57Q9qq1/mitx5
++2GFBoapol9L5FxCc77bztzK8CpLujkBi25Vk6GAFbl27opLfpyxkM+rX/T6MXCPO
++6/YBacNZ7ff1/57Etg4i5mNA6ubCpuc4Gi9oYqCNNohftr2lkJr7REdDR6OW0lsL
++rF7r4gUnKeC7mYIH1zypY7laskopiLFAfe96Kg==
+ -----END CERTIFICATE-----`)
+
+ // LocalhostKey is the private key for LocalhostCert.
+ var LocalhostKey = []byte(testingKey(`-----BEGIN RSA TESTING KEY-----
+-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDoZtrm0dXV0Aqi
+-4Bpc7f95sNRTiu/AJSD8I1onY9PnEsPg3VVxvytsVJbYdcqr4w99V3AgpH/UNzMS
+-gAZ/8lZBNbsSDOVesJ3euVqMRfYPvd9pYl6QPRRpSDPm+2tNdn3QFAvta9EgJ3sW
+-URnoU85w+W6aLI2bNSq3AaE771p3VbkGolpEjo9h+i42TBHo1rhPNKPkGupR8/QX
+-AOLMpInRdeaHyDwb2a3DE5I3dG7VAVzrVfJ6W6Q84YoFX+rpEE2SVM17SAjy6xQy
+-VjKgLvK2mk0xbtfa+h0B6VK7bmODHZqeP18NVm6HsBcXn7iclLgAC3SfWU1jucZK
+-x1lqzw9tAgMBAAECggEABWzxS1Y2wckblnXY57Z+sl6YdmLV+gxj2r8Qib7g4ZIk
+-lIlWR1OJNfw7kU4eryib4fc6nOh6O4AWZyYqAK6tqNQSS/eVG0LQTLTTEldHyVJL
+-dvBe+MsUQOj4nTndZW+QvFzbcm2D8lY5n2nBSxU5ypVoKZ1EqQzytFcLZpTN7d89
+-EPj0qDyrV4NZlWAwL1AygCwnlwhMQjXEalVF1ylXwU3QzyZ/6MgvF6d3SSUlh+sq
+-XefuyigXw484cQQgbzopv6niMOmGP3of+yV4JQqUSb3IDmmT68XjGd2Dkxl4iPki
+-6ZwXf3CCi+c+i/zVEcufgZ3SLf8D99kUGE7v7fZ6AQKBgQD1ZX3RAla9hIhxCf+O
+-3D+I1j2LMrdjAh0ZKKqwMR4JnHX3mjQI6LwqIctPWTU8wYFECSh9klEclSdCa64s
+-uI/GNpcqPXejd0cAAdqHEEeG5sHMDt0oFSurL4lyud0GtZvwlzLuwEweuDtvT9cJ
+-Wfvl86uyO36IW8JdvUprYDctrQKBgQDycZ697qutBieZlGkHpnYWUAeImVA878sJ
+-w44NuXHvMxBPz+lbJGAg8Cn8fcxNAPqHIraK+kx3po8cZGQywKHUWsxi23ozHoxo
+-+bGqeQb9U661TnfdDspIXia+xilZt3mm5BPzOUuRqlh4Y9SOBpSWRmEhyw76w4ZP
+-OPxjWYAgwQKBgA/FehSYxeJgRjSdo+MWnK66tjHgDJE8bYpUZsP0JC4R9DL5oiaA
+-brd2fI6Y+SbyeNBallObt8LSgzdtnEAbjIH8uDJqyOmknNePRvAvR6mP4xyuR+Bv
+-m+Lgp0DMWTw5J9CKpydZDItc49T/mJ5tPhdFVd+am0NAQnmr1MCZ6nHxAoGABS3Y
+-LkaC9FdFUUqSU8+Chkd/YbOkuyiENdkvl6t2e52jo5DVc1T7mLiIrRQi4SI8N9bN
+-/3oJWCT+uaSLX2ouCtNFunblzWHBrhxnZzTeqVq4SLc8aESAnbslKL4i8/+vYZlN
+-s8xtiNcSvL+lMsOBORSXzpj/4Ot8WwTkn1qyGgECgYBKNTypzAHeLE6yVadFp3nQ
+-Ckq9yzvP/ib05rvgbvrne00YeOxqJ9gtTrzgh7koqJyX1L4NwdkEza4ilDWpucn0
+-xiUZS4SoaJq6ZvcBYS62Yr1t8n09iG47YL8ibgtmH3L+svaotvpVxVK+d7BLevA/
+-ZboOWVe3icTy64BT3OQhmg==
++MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFyXr1E4l3GM34
++wlmdsWtjHJCigAMKwnpUOS4zI1AiLH8eTXk2T+4XIFfUx775oSkaZjdEhjh9S8Qu
++pP+yu8AexNfBVVK20xxjylwAWZdKqjfHgy5RMb+MJfdV+2PSvcQzkzwiZjWvMD+O
++pNMsmDTSsP4Oa4MAFypC+hfD9FXzDXJNGLkE+gcMUP8BZO39iAy+TWXZir/EjxVs
++xQimMGgZfFaxJ69DmLazWaT3/JnO7RiynW1OXMOo49rjKwWMGK11eLB/GPG2/mde
++o4I/muF4o7SxYuTR960ynU5XklIkwAnDpzZkySVTZYyoASlGN0T+8d8i42D7IZpF
++GojTs1lFAgMBAAECggEAIYthUi1lFBDd5gG4Rzlu+BlBIn5JhcqkCqLEBiJIFfOr
++/4yuMRrvS3bNzqWt6xJ9MSAC4ZlN/VobRLnxL/QNymoiGYUKCT3Ww8nvPpPzR9OE
++sE68TUL9tJw/zZJcRMKwgvrGqSLimfq53MxxkE+kLdOc0v9C8YH8Re26mB5ZcWYa
++7YFyZQpKsQYnsmu/05cMbpOQrQWhtmIqRoyn8mG/par2s3NzjtpSE9NINyz26uFc
++k/3ovFJQIHkUmTS7KHD3BgY5vuCqP98HramYnOysJ0WoYgvSDNCWw3037s5CCwJT
++gCKuM+Ow6liFrj83RrdKBpm5QUGjfNpYP31o+QNP4QKBgQDSrUQ2XdgtAnibAV7u
++7kbxOxro0EhIKso0Y/6LbDQgcXgxLqltkmeqZgG8nC3Z793lhlSasz2snhzzooV5
++5fTy1y8ikXqjhG0nNkInFyOhsI0auE28CFoDowaQd+5cmCatpN4Grqo5PNRXxm1w
++HktfPEgoP11NNCFHvvN5fEKbbQKBgQDwVlOaV20IvW3IPq7cXZyiyabouFF9eTRo
++VJka1Uv+JtyvL2P0NKkjYHOdN8gRblWqxQtJoTNk020rVA4UP1heiXALy50gvj/p
++hMcybPTLYSPOhAGx838KIcvGR5oskP1aUCmFbFQzGELxhJ9diVVjxUtbG2DuwPKd
++tD9TLxT2OQKBgQCcdlHSjp+dzdgERmBa0ludjGfPv9/uuNizUBAbO6D690psPFtY
++JQMYaemgSd1DngEOFVWADt4e9M5Lose+YCoqr+UxpxmNlyv5kzJOFcFAs/4XeglB
++PHKdgNW/NVKxMc6H54l9LPr+x05sYdGlEtqnP/3W5jhEvhJ5Vjc8YiyVgQKBgQCl
++zwjyrGo+42GACy7cPYE5FeIfIDqoVByB9guC5bD98JXEDu/opQQjsgFRcBCJZhOY
++M0UsURiB8ROaFu13rpQq9KrmmF0ZH+g8FSzQbzcbsTLg4VXCDXmR5esOKowFPypr
++Sm667BfTAGP++D5ya7MLmCv6+RKQ5XD8uEQQAaV2kQKBgAD8qeJuWIXZT0VKkQrn
++nIhgtzGERF/6sZdQGW2LxTbUDWG74AfFkkEbeBfwEkCZXY/xmnYqYABhvlSex8jU
++supU6Eea21esIxIub2zv/Np0ojUb6rlqTPS4Ox1E27D787EJ3VOXpriSD10vyNnZ
++jel6uj2FOP9g54s+GzlSVg/T
+ -----END RSA TESTING KEY-----`))
+
+ func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") }
+--
+2.40.0
--
2.43.0
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 2/7] linux-yocto/5.15: update to v5.15.176
2025-02-12 14:21 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 1/7] go: Fix CVE-2024-45336 Steve Sakoman
@ 2025-02-12 14:21 ` Steve Sakoman
2025-02-12 15:18 ` Patchtest results for " patchtest
2025-02-12 14:21 ` [OE-core][kirkstone 3/7] linux-yocto/5.15: update to v5.15.178 Steve Sakoman
` (4 subsequent siblings)
6 siblings, 1 reply; 23+ messages in thread
From: Steve Sakoman @ 2025-02-12 14:21 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
4735586da88e Linux 5.15.176
63eac98d6f08 mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()
5c4eb5401d7e dt-bindings: display: adi,adv7533: Drop single lane support
0f51034bb813 drm: adv7511: Drop dsi single lane support
f9c3adb083d3 net/sctp: Prevent autoclose integer overflow in sctp_association_init()
d809d1aabec8 sky2: Add device ID 11ab:4373 for Marvell 88E8075
9372e160d821 pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
c2f961c46ea0 RDMA/uverbs: Prevent integer overflow issue
9aeece68684c kcov: mark in_softirq_really() as __always_inline
362f86f3ee45 modpost: fix the missed iteration for the max bit in do_input()
3b5efbf000d5 modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
ef26e5bb560b usb: xhci: Avoid queuing redundant Stop Endpoint commands
f4539c3cab44 ARC: build: Try to guess GCC variant of cross compiler
84142875b293 irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
faab60ed274d net: usb: qmi_wwan: add Telit FE910C04 compositions
cc63b8c102c4 bpf: fix potential error return
2dedcab091f2 sound: usb: format: don't warn that raw DSD is unsupported
01b3661663c5 sound: usb: enable DSD output for ddHiFi TC44C
63f4b594a688 btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount
22d36ad92e57 drm/amdkfd: Correct the migration DMA map direction
bd3eca303b3f wifi: mac80211: wake the queues in case of failure in resume
efbdbf36c338 btrfs: sysfs: fix direct super block member reads
0efdc0606fc8 btrfs: sysfs: convert scnprintf and snprintf to sysfs_emit
526ff5b27f09 btrfs: fix use-after-free when COWing tree bock and tracing is enabled
d4a7270b37d0 btrfs: rename and export __btrfs_cow_block()
ad0677c37c14 ila: serialize calls to nf_register_net_hooks()
de4f8d477c67 af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
65c67049e9ed af_packet: fix vlan_get_tci() vs MSG_PEEK
0caa776f2829 net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init()
579cfa595af1 net: restrict SO_REUSEPORT to inet sockets
143378075904 RDMA/rtrs: Ensure 'ib_sge list' is accessible
91a1adab5669 net: mv643xx_eth: fix an OF node reference leak
36c95bbd4eb1 eth: bcmsysport: fix call balance of priv->clk handling routines
d27088892b40 ALSA: usb-audio: US16x08: Initialize array before use
c8187a378380 net: llc: reset skb->transport_header
277f00b0c2dc netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
215c687344d5 drm/i915/dg1: Fix power gate sequence.
769e36c2119a netrom: check buffer length before accessing it
9d3895967729 net: fix memory leak in tcp_conn_request()
4261fc54ca77 net: stmmac: restructure the error path of stmmac_probe_config_dt()
f0da70367048 net: stmmac: don't create a MDIO bus if unnecessary
860279ff72fe net: stmmac: platform: provide devm_stmmac_probe_config_dt()
a68ec6380f2f RDMA/hns: Fix missing flush CQE for DWQE
06e2d3ec7a7d RDMA/hns: Fix warning storm caused by invalid input in IO path
3146512f40bb RDMA/hns: Fix mapping error of zero-hop WQE buffer
bc509159a223 RDMA/hns: Remove redundant 'bt_level' for hem_list_alloc_item()
5e7c02730cce RDMA/hns: Remove redundant 'attr_mask' in modify_qp_init_to_init()
a03b9689e4e5 drm/bridge: adv7511_audio: Update Audio InfoFrame properly
33df6f747501 RDMA/bnxt_re: Fix the locking while accessing the QP table
802be99bc7bb RDMA/bnxt_re: Fix max_qp_wrs reported
6da018852c42 RDMA/bnxt_re: Fix reporting hw_ver in query_device
faf879baed95 RDMA/bnxt_re: Add check for path mtu in modify_qp
2e4a9a22b7f9 RDMA/mlx5: Enforce same type port association for multiport RoCE
590bd0f9148f xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic
62756ca746e2 usb: xhci: Limit Stop Endpoint retries
28fcf6c7a1ef xhci: retry Stop Endpoint on buggy NEC controllers
8f4871abf04f thunderbolt: Add support for Intel Panther Lake-M/P
6cf75f685667 thunderbolt: Add support for Intel Lunar Lake
c4c06c199410 thunderbolt: Add Intel Barlow Ridge PCI ID
6c03ec8a0791 thunderbolt: Add support for Intel Meteor Lake
c5c059d6bb77 thunderbolt: Add support for Intel Raptor Lake
3bcdc9039a6e tracing: Have process_string() also allow arrays
f70e4b9ec69d selinux: ignore unknown extended permissions
0a2d26bf27c9 x86/hyperv: Fix hv tsc page based sched_clock for hibernation
87bd909a7014 net: dsa: improve shutdown sequence
5ade4382de16 nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
214d92f0a465 btrfs: avoid monopolizing a core when activating a swap file
c3703d9340ca power: supply: gpio-charger: Fix set charge current limits
f60172b44731 tracing: Prevent bad count for tracing_cpumask_write
c5a28af78555 tracing: Constify string literal data member in struct trace_event_call
2107ab40629a ksmbd: fix racy issue from session lookup and expire
2461ffdc7725 lib: stackinit: hide never-taken branch from compiler
002668bfd416 drm/dp_mst: Verify request type in the corresponding down message reply
3bc0d0831777 arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs
082e68b9a714 arm64: mm: Rename asid2idx() to ctxid2asid()
1aea5c9470be ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
6bd1bf0e8c42 ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
70e7166612f4 drm/dp_mst: Fix MST sideband message body length check
24fec234d2ba bpf: Check validity of link->type in bpf_link_show_fdinfo()
edcc68974580 MIPS: Probe toolchain support of -msym32
5728a1d6247d vmalloc: fix accounting with i915
6dea8e3de599 virtio-blk: don't keep queue frozen during system suspend
a47235354ac4 scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error
0d591e92c076 scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time
7efc3fa902ce platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
b09527799946 regmap: Use correct format specifier for logging range errors
7574cf3c8bf1 ALSA: hda/conexant: fix Z60MR100 startup pop issue
3c654998a3e8 scsi: megaraid_sas: Fix for a potential deadlock
ce697618e34f scsi: qla1280: Fix hw revision numbering for ISP1020/1040
08a78ff9bf29 watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
325c0e27668d tracing/kprobe: Make trace_kprobe's module callback called after jump_label update
3d825a241e65 mtd: rawnand: fix double free in atmel_pmecc_create_user()
8d364597de9c dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
7c99b3c60cac dmaengine: dw: Select only supported masters for ACPI devices
3e9968660c26 dmaengine: mv_xor: fix child node refcount handling in early exit
e0c101361c1e phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
6bf2aba838b2 phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider
3a22224a443b phy: core: Fix that API devm_phy_put() fails to release the phy
5d1a41420ed4 phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
9d2916bb1276 phy: core: Fix an OF node refcount leakage in _of_phy_get()
4f8a50745358 mtd: rawnand: arasan: Fix missing de-registration of NAND
326d7fb3e4f1 mtd: rawnand: arasan: Fix double assertion of chip-select
4b13d0d186df mtd: diskonchip: Cast an operand to prevent potential overflow
804d55e92b7a nfsd: restore callback functionality for NFSv4.0
e2373eea347e bpf: Check negative offsets in __bpf_skb_min_len()
323bab15ff7c tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
38150bb4e3be tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
c3ab56e1b434 mm/vmstat: fix a W=1 clang compiler warning
53106510736e media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
c72057c4865c drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
dccf5138ad56 epoll: Add synchronous wakeup support for ep_poll_callback
888dd1909559 ceph: validate snapdirname option length when mounting
38a2a383a019 of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
a579b0b6a82f of: Fix error path in of_parse_phandle_with_args_map()
0227594be815 udmabuf: also check for F_SEAL_FUTURE_WRITE
912188316a8c nilfs2: prevent use of deleted inode
a793e5c35722 of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one()
abc874634c16 NFS/pnfs: Fix a live lock between recalled layouts and layoutget
85d7635d54d7 tracing: Add "%s" check in test_event_printk()
6cacfb59a7cc tracing: Add missing helper functions in event pointer dereference check
3a41815771c4 tracing: Fix test_event_printk() to process entire print argument
0840d360a890 KVM: x86: Play nice with protected guests in complete_hypercall_exit()
042253c57be9 Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
0bef13423bb4 btrfs: tree-checker: reject inline extent items with 0 ref count
6aa65cda937f zram: refuse to use zero sized block device as backing device
2d3cde3aeb73 sh: clk: Fix clk_enable() to return 0 on NULL clk
5049a45bc23b hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers
de4fa408d68b hwmon: (tmp513) Fix Current Register value interpretation
447d1430aa6c hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers
b382e808e342 hwmon: (tmp513) Use SI constants from units.h
e9668ba824c1 hwmon: (tmp513) Simplify with dev_err_probe()
9a2cf6d4a616 hwmon: (tmp513) Don't use "proxy" headers
e7c7b48a0fc5 drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
d4ca3bf078cb USB: serial: option: add Telit FE910C04 rmnet compositions
adeae07da972 USB: serial: option: add MediaTek T7XX compositions
cf4df6f3f539 USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
6ccb85602c14 USB: serial: option: add MeiG Smart SLM770A
7e25a9031004 USB: serial: option: add TCL IK512 MBIM & ECM
68578224365a efivarfs: Fix error on non-existent file
f2c15056b312 i2c: riic: Always round-up when calculating bus period
16e1c1156674 chelsio/chtls: prevent potential integer overflow on 32bit
f4780fedeb65 mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
9d120788418d net: mdiobus: fix an OF node reference leak
c4f20ad100da netfilter: ipset: Fix for recursive locking warning
24b6b9d6b21b net: ethernet: bgmac-platform: fix an OF node reference leak
f9bad9428723 net: hinic: Fix cleanup in create_rxqs/txqs()
48cc5df7757b ionic: use ee->offset when returning sprom data
87847938f570 ionic: Fix netdev notifier unregister on failure
b3a6daaf7cfb netdevsim: prevent bad user input in nsim_dev_health_break_write()
6b80924af621 net/smc: check return value of sock_recvmsg when draining clc data
a36364d8d4fa net/smc: check smcd_v2_ext_offset when receiving proposal msg
f10635268a0a net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg
0b86e31b6bbb net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
27d6adbb3ec4 erofs: fix incorrect symlink detection in fast symlink
7e5fc0da0b76 i2c: pnx: Fix timeout in wait functions
cff037a22793 usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled
676cec3ad096 MIPS: Loongson64: DTS: Fix msi node for ls7a
848257f4f9ef PCI: Add ACS quirk for Broadcom BCM5760X NIC
c3119c7bab90 PCI: vmd: Create domain symlink before pci_bus_add_devices()
82f635733337 ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP
6eb9609c8bf0 usb: cdns3: Add quirk flag to enable suspend residency
a19c6a484417 ALSA: usb: Fix UBSAN warning in parse_audio_unit()
02052d22de91 PCI/AER: Disable AER service on suspend
c1a1393f7844 PCI: Use preserve_config in place of pci_flags
33db36b3c53d net: sched: fix ordering of qlen adjustment
b5d500042eb3 usb: hcd-pci: remove the action of faking interrupt request
6f0605db50e2 clk: imx: Add check for kcalloc
5b837b9e1543 bpf: Fix the indention issue in grow_stack_state()
42b62697634d cifs: Fix the calling of smb_version_operations::calc_smb_size()
b14acf729e9d f2fs: Add inline to f2fs_build_fault_attr() stub
7c317bec311f f2fs: check validation of fault attrs in f2fs_build_fault_attr()
81c12119c23f bpf: Fix accesses to uninit stack slots [ Upstream commit 6b4a64bafd107e521c01eec3453ce94a3fb38529 ]
c4fa05422d87 smb: client: fix potential OOB in smb2_dump_detail()
299ef3b5b00b of: module: add buffer overflow check in of_modalias()
b8086c3c1548 reiserfs: Avoid touching renamed directory if parent does not change
ea091017ef62 ipv6: Fix data races around sk->sk_prot.
ff8710da80ee ipv6: annotate some data-races around sk->sk_prot
e8c2eafaaa6a tcp: Fix data races around icsk->icsk_af_ops.
8d1bab770956 locking/rwsem: Disable preemption while trying for rwsem lock
7c82dac02886 block, loop: support partitions without scanning
45f504f301d4 bpftool: Fix pretty print dump for maps without BTF loaded
1f24338cb789 jbd2: Drop the merge conflicted hunk
e1d0e3c51bde tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
1abe841fe331 tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
6224acfc1d56 tpm: Add flag to use default cancellation policy
1cd19d48fb90 tpm: tis_i2c: Fix sanity check interrupt enable mask
a883da132fa8 tpm: Add tpm_tis_i2c backend for tpm_tis_core
a742ac8a1c51 tpm: Add tpm_tis_verify_crc to the tpm_tis_phy_ops protocol layer
ef495c5f45f2 tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops
1f3be2e23aa6 gcc-plugins: Reorganize gimple includes for GCC 13
24615a3b932a ata: ahci: fix enum constants for gcc-13
5d6cb145541a net: stmmac: Enable mac_managed_pm phylink config
fd93aabb4287 tools/resolve_btfids: Use pkg-config to locate libelf
130f9da78406 tools/resolve_btfids: Build with host flags
00f2f1a782f9 tools/resolve_btfids: Support cross-building the kernel with clang
17776a4ba9c2 tools/resolve_btfids: Install libbpf headers when building
7c9808380d70 libbpf: Make libbpf_version.h non-auto-generated
37ae1ba791ac libbpf: Add LIBBPF_DEPRECATED_SINCE macro for scheduling API deprecations
a2667e6d7314 drm/radeon: free iio for atombios when driver shutdown
f100c753aa1f powerpc: Fix reschedule bug in KUAP-unlocked user copy
da5513f30187 libbpf: Fix build warning on ref_ctr_off
4c5a089621a8 perf python: Account for multiple words in CC
1c5699ee85d4 fs: move S_ISGID stripping into the vfs_*() helpers
838f5d0701d8 fs: add mode_strip_sgid() helper
d97172683641 squashfs: provide backing_dev_info in order to disable read-ahead
ed037d7be40c irq_work: use kasan_record_aux_stack_noalloc() record callstack
1363bd7dbde3 ixgbevf: add disable link state
e5601ae2bd24 ixgbe: add improvement for MDD response functionality
caa57cd80575 ixgbe: add the ability for the PF to disable VF link state
16a77bfcc7df Check /dev/console using init_stat()
04574fd5579a tracing/arm: Have max stack tracer handle the case of return address after data
0e51e5717018 gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
1e6b7da6ddba drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
493160901320 mtd_blkdevs: add mtd_table_mutex lock back to blktrans_{open, release} to avoid race condition
04224f725aa3 irqchip/gic-v3-its: Skip HP notifier when no ITS is registered
6f6c2996a81c irqchip/gic-v3-its: Postpone LPI pending table freeing and memreserve
1fa94473423f irqchip/gic-v3-its: Give the percpu rdist struct its own flags field
6013d1ae5feb cert host tools: Stop complaining about deprecated OpenSSL functions
efe20512212b init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
a40d2daf2795 pnmtologo: use relocatable file name
3b40d5b41155 of: configfs: remove unused variable overlay_lock
6c085baf1838 tools: use basename to identify file in gen-mach-types
2fca0fd71981 lib/build_OID_registry: fix reproducibility issues
0f586f4ee8ad vt/conmakehash: improve reproducibility
a75774679f28 OF: DT-Overlay configfs interface (v8)
d179c639b30b x86/boot: Wrap literal addresses in absolute_pointer()
856ec356cf91 ACPI: thermal: drop an always true check
7614af249993 xfs: Fix -Werror=dangling-pointer work-around for older GCC
41470215f97e xfs: Work around GCC 12 -Werror=dangling-pointer for xfs_attr_remote.o
44a445c1922d virtio-pci: Remove wrong address verification in vp_del_vqs()
77aa9e489eaf bpf: Disallow unprivileged bpf by default
ebfb1822e9f9 fs/aufs: fixup 5.15.36 fixups
4eba9348d3e2 Revert "Revert "fbdev: Hot-unplug firmware fb devices on forced removal""
5df6d1b00f95 jbd2: fix use-after-free of transaction_t race
2d83e8196487 jbd2: refactor wait logic for transaction updates into a common function
07a63f760793 netfilter: conntrack: avoid useless indirection during conntrack destruction
4e7122625996 Revert "fbdev: Hot-unplug firmware fb devices on forced removal"
7ba4cb36fd4f rcu: Avoid alloc_pages() when recording stack
f78574dee71e kasan: test: silence intentional read overflow warnings
d313cb89b6b1 kasan: arm64: fix pcpu_page_first_chunk crash with KASAN_VMALLOC
5e279d5647cc arm64: support page mapping percpu first chunk allocator
e5bf16752dca vmalloc: choose a better start address in vm_area_register_early()
660b3d21b46f kasan: test: bypass __alloc_size checks
00aa7573e53a kasan: test: add memcpy test that avoids out-of-bounds write
67becf0b1bd4 kasan: fix tag for large allocations when using CONFIG_SLAB
bedf1e033213 workqueue, kasan: avoid alloc_pages() when recording stack
7195b67ce69b kasan: generic: introduce kasan_record_aux_stack_noalloc()
bdff763f0e29 kasan: common: provide can_alloc in kasan_save_stack()
51423ebb36ad lib/stackdepot: introduce __stack_depot_save()
85373e66d847 lib/stackdepot: remove unused function argument
5b6cc9b251f3 lib/stackdepot: include gfp.h
c9f3902d8069 aufs: reduce overhead for "code present but disabled" use case.
b98d189df02c aufs: bugfix, umount passes NULL to ->parse_monolithic()
13b883cbbbd9 aufs standalone: cosmetic, missing copyright sentence
21f8b0d81898 aufs: 5.15.5-20220117 ---> 5.15.5-20220221
6199fd896645 aufs: tiny, headers after fs_context
8ddb40e31c29 aufs: fs_context 7/7, finally remount
69035f71c6fd aufs: fs_context 6/7, now mount
bc841b970697 aufs: fs_context 5/7, parse all other mount options
435188053da2 aufs: fs_context 4/7, parse xino options
9af1f1825cbd aufs: fs_context 3/7, parse the branch-management options
1c05eb767f8c aufs: fs_context 2/7, parse "br" mount option
a8488f603134 aufs: fs_context 1/7, skelton of the new shceme
8e32e0015564 aufs: pre fs_context, convert a static flag to a macro
f90cb4144aec aufs: pre fs_context, support the incomplete sb and sbinfo case
948762ef859c aufs: pre fs_context, convert the type of alloc_sbinfo()
77151a08776b aufs: 5.15.5-20211129 ---> 5.15.5-20220117
2539adbbbe1e aufs: 5.14-20211018 ---> 5.15.5-20211129
7d32b25193c4 aufs: for v5.15-rc1, sync_inode() is gone
66ec0c509225 aufs: for v5.15-rc1, new param 'rcu' for ->get_acl()
69709dc518cd aufs: for v5.15-rc1, no mand-lock anymore
ada8fe9543e5 aufs: 5.14-20210906 ---> 5.14-20211018
b77f7f3f394a Revert "aufs: adjust to v5.15 fs changes"
81bdce5b5876 tick/nohz: WARN_ON --> WARN_ON_ONCE to prevent console saturation
97c963889222 sched/isolation: really align nohz_full with rcu_nocbs
871f23ad3627 Revert "ARM: defconfig: Enable ax88796c driver for Exynos boards"
ffad0783dd5b ARM: config: multi v7: Regenerate defconifg
5c1e1a1ff2d3 ARM: config: multi v7: Add renamed symbols
badaf96564fe ARM: config: multi v7: Clean up enabled by default options
34996040fc9b ARM: config: multi v7: Drop unavailable options
7f685244afb3 powerpc/mm: Switch obsolete dssall to .long
20301aeb1a64 riscv: fix build with binutils 2.38
9df58d070506 powerpc/lib/sstep: fix 'ptesync' build error
720b61fc400b x86_64_defconfig: Fix warnings
02bf23d26bc4 arm64: defconfig: cleanup config options
05914e2c87e5 arm: defconfig: drop unused POWER_AVS option
ffb532fa19b9 aufs5: fix build against v5.15.3+
a4b3abf4d96d qemux86: add configuration symbol to select values
fee94ee09154 clear_warn_once: add a clear_warn_once= boot parameter
3d8762d900d9 clear_warn_once: bind a timer to written reset value
95faacac47e8 clear_warn_once: expand debugfs to include read support
de20c4240018 perf: perf can not parser the backtrace of app in the 32bit system and 64bit kernel.
0e4aacead9c1 perf: x86-32: explicitly include <errno.h>
9ad92c11468e perf: mips64: Convert __u64 to unsigned long long
09e7efe3e68a perf: fix bench numa compilation
e79becc44fa6 perf: add SLANG_INC for slang.h
b1033b588681 perf: add sgidefs.h to for mips builds
cf9db484ac0b perf: change --root to --prefix for python install
7fd052c2c562 perf: add 'libperl not found' warning
27a437cdd469 perf: force include of <stdbool.h>
3b99d21bec2f fat: don't use obsolete random32 call in namei_vfat
a7e9293b506b FAT: Added FAT_NO_83NAME
6fd0e71d9e5c FAT: Add CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES option
c379b0d324ae FAT: Add CONFIG_VFAT_FS_NO_DUALNAMES option
538be0fdb124 aufs: adjust to v5.15 fs changes
f45da75c8759 aufs5: core
047f57e07e01 aufs5: standalone
029fc15574c8 aufs5: mmap
610d0192ee94 aufs5: base
d4e428d0ec5f aufs5: kbuild
eb067eca251a yaffs: replace IS_ERR with IS_ERR_OR_NULL to check both ERR and NULL
286af18d0875 yaffs: fix -Wstringop-overread compile warning in yaffs_fix_null_name
24d59a4e26a6 yaffs2: v5.12+ build fixups (not runtime tested)
22c73536d5d7 yaffs: include blkdev.h
506b7251bfb8 yaffs: fix misplaced variable declaration
a0e26ff364dc yaffs2: v5.6 build fixups
b10b1b2d169e yaffs2: fix memory leak when /proc/yaffs is read
ad9adccbb214 yaffs: add strict check when call yaffs_internal_read_super
2e3c3aec8279 yaffs: repair yaffs_get_mtd_device
d662538516a7 yaffs: Fix build failure by handling inode i_version with proper atomic API
70a6113ee2c7 yaffs2: fix memory leak in mount/umount
3378e4a9e404 yaffs: Avoid setting any ACL releated xattr
ec2284edddef Yaffs:check oob size before auto selecting Yaffs1
c2a49874051c fs: yaffs2: replace CURRENT_TIME by other appropriate apis
e9a5105a3e73 yaffs2: adjust to proper location of MS_RDONLY
608807406f13 yaffs2: import git revision b4ce1bb (jan, 2020)
89e660ece42c initramfs: allow an optional wrapper script around initramfs generation
b179dbc9aa10 iwlwifi: select MAC80211_LEDS conditionally
3fd5ca3673d0 net/dccp: make it depend on CONFIG_BROKEN (CVE-2020-16119)
d1f6edbf0188 arm64/perf: Fix wrong cast that may cause wrong truncation
d202fb2caf33 defconfigs: drop obselete options
9a27e3b5f4e7 arm64/perf: fix backtrace for AAPCS with FP enabled
e20d8cf019b4 linux-yocto: Handle /bin/awk issues
b6d2a3dbbd3a uvesafb: provide option to specify timeout for task completion
adb40f1e6a1a uvesafb: print error message when task timeout occurs
f280a1ed0962 compiler.h: Undef before redefining __attribute_const__
4352732f268c vmware: include jiffies.h
7954a677968d Resolve jiffies wrapping about arp
5f28a1035d95 nfs: Allow default io size to be configured.
0d7260ad7106 check console device file on fs when booting
900a12e37e0a mount_root: clarify error messages for when no rootfs found
7b878cbea726 menuconfig,mconf-cfg: Allow specification of ncurses location
6604fc1763b3 modpost: mask trivial warnings
0d294adb09cb kbuild: exclude meta directory from distclean processing
a097cdd95a9e powerpc: serialize image targets
5db6ec39a0a3 arm: serialize build targets
cbabca27905e crtsavres: fixups for 5.4+
7fc7656ed403 powerpc/ptrace: Disable array-bounds warning with gcc8
a5faac5a19a2 powerpc: Disable attribute-alias warnings from gcc8
186c54665b67 powerpc: add crtsavres.o to archprepare for kbuild
d1ea862964ca powerpc: kexec fix for powerpc64
2ac35b89a0f9 powerpc: Add unwind information for SPE registers of E500 core
2e1c348a28bb mips: vdso: fix 'jalr $t9' crash in vdso code
ec57870b303a mips: Kconfig: add QEMUMIPS64 option
6a81b3c08107 4kc cache tlb hazard: tlbp cache coherency
74e3b2a21e54 malta uhci quirks: make allowance for slow 4k(e)c
22e65b63d3b4 arm/Makefile: Fix systemtap
b7f1ab59f19e vexpress: Pass LOADADDR to Makefile
ce2800c73bf7 arm: ARM EABI socketcall
019d142fd956 ARM: LPAE: Invalidate the TLB for module addresses during translation fault
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 74f9bb9a44..1e67936da0 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "e44a864642ca01372ce3bc73985ae5c15039239d"
-SRCREV_meta ?= "d76891c15fa8b0734c3fd9513594ed6e5b9f620d"
+SRCREV_machine ?= "24252937d6ebfe59470a427ef4f05d4ee7381491"
+SRCREV_meta ?= "b6e2c0d16d49638d30461ce4f832af9bf0608d05"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.175"
+LINUX_VERSION ?= "5.15.176"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index e7fb427843..563db2fab6 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.175"
+LINUX_VERSION ?= "5.15.176"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "21359d0259838662bde27fc0164bdc5b0786a01f"
-SRCREV_meta ?= "d76891c15fa8b0734c3fd9513594ed6e5b9f620d"
+SRCREV_machine ?= "c90e38bc5ace7a98431d67a23e8b46555fe9d3a3"
+SRCREV_meta ?= "b6e2c0d16d49638d30461ce4f832af9bf0608d05"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 2c7c392ef3..c345f7046f 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "71b7c06f25df2a8971d00ca9240fdc657ca12e14"
-SRCREV_machine:qemuarm64 ?= "d8355f2c75c6135afbf2e7af95beeb164c0f90a6"
-SRCREV_machine:qemumips ?= "06d279ec8ff88a1335d5545acb7e89cb779fd5d1"
-SRCREV_machine:qemuppc ?= "54de5d312356aabbccb7e7cbf9d2775792818755"
-SRCREV_machine:qemuriscv64 ?= "b516538c454980b6dea36a7163a3c182b41d45a2"
-SRCREV_machine:qemuriscv32 ?= "b516538c454980b6dea36a7163a3c182b41d45a2"
-SRCREV_machine:qemux86 ?= "b516538c454980b6dea36a7163a3c182b41d45a2"
-SRCREV_machine:qemux86-64 ?= "b516538c454980b6dea36a7163a3c182b41d45a2"
-SRCREV_machine:qemumips64 ?= "67003ffdcc2b524e27729b1734aad8f5ca9fa7b2"
-SRCREV_machine ?= "b516538c454980b6dea36a7163a3c182b41d45a2"
-SRCREV_meta ?= "d76891c15fa8b0734c3fd9513594ed6e5b9f620d"
+SRCREV_machine:qemuarm ?= "fa2dd80d85802957a32c8496321f6e49b2f015ac"
+SRCREV_machine:qemuarm64 ?= "accf953d2129f53a7ea1de535bfedfdd55de3556"
+SRCREV_machine:qemumips ?= "cf74a6b6fe7f2a268b40250f134aa1ce094edd77"
+SRCREV_machine:qemuppc ?= "0cb9b5d87e992246e1dda20cebbfc3213b54259d"
+SRCREV_machine:qemuriscv64 ?= "aa5d0061f3fdccec608f50597c50027e684205c5"
+SRCREV_machine:qemuriscv32 ?= "aa5d0061f3fdccec608f50597c50027e684205c5"
+SRCREV_machine:qemux86 ?= "aa5d0061f3fdccec608f50597c50027e684205c5"
+SRCREV_machine:qemux86-64 ?= "aa5d0061f3fdccec608f50597c50027e684205c5"
+SRCREV_machine:qemumips64 ?= "178c81e8a265eac651802a645b95b2b818fd6abc"
+SRCREV_machine ?= "aa5d0061f3fdccec608f50597c50027e684205c5"
+SRCREV_meta ?= "b6e2c0d16d49638d30461ce4f832af9bf0608d05"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "91786f140358b1e56efdb0feccb337ce3a59c031"
+SRCREV_machine:class-devupstream ?= "4735586da88ed2254ada53bbe19ce4fe968a1e7b"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.175"
+LINUX_VERSION ?= "5.15.176"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.43.0
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 3/7] linux-yocto/5.15: update to v5.15.178
2025-02-12 14:21 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 1/7] go: Fix CVE-2024-45336 Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 2/7] linux-yocto/5.15: update to v5.15.176 Steve Sakoman
@ 2025-02-12 14:21 ` Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 4/7] glibc: Suppress GCC -Os warning on user2netname for sunrpc Steve Sakoman
` (3 subsequent siblings)
6 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-02-12 14:21 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
c16c81c81336 Linux 5.15.178
6cfafcad46e9 drm/v3d: Assign job pointer to NULL before signaling the fence
8b74aa1e1c08 Input: xpad - add support for wooting two he (arm)
c9d4d5785f2d Input: xpad - add unofficial Xbox 360 wireless receiver clone
1475c07bf30f Input: atkbd - map F23 key to support default copilot shortcut
66453ea6ed0a ALSA: usb-audio: Add delay quirk for USB Audio Device
20ce02f2f73a Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null"
6068dcff7f19 USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
091a023cf2ae wifi: iwlwifi: add a few rate index validity checks
81d4dd05c412 scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
6ac5dfa57513 ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
84adb88c8027 platform/chrome: cros_ec_typec: Check for EC driver
542532afe249 fs/ntfs3: Additional check in ntfs_file_release
00767fbd67af Bluetooth: RFCOMM: Fix not validating setsockopt user input
2c2dc87cdebe Bluetooth: SCO: Fix not validating setsockopt user input
92340e6c5122 vfio/platform: check the bounds of read/write syscalls
bcf0d815e728 net: sched: fix ets qdisc OOB Indexing
4e3ded34f3f3 gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
322948a57582 mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
2c3524a308b2 regmap: detach regmap from dev on regmap_exit
df560e90a4d6 ASoC: samsung: Add missing depends on I2C
72370a2bc2e6 irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
46bdd737a16b scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
318ebf851143 seccomp: Stub for !CONFIG_SECCOMP
42b4b670bd23 ASoC: samsung: Add missing selects for MFD_WM8994
0783cd485b4a ASoC: wm8994: Add depends on MFD core
003148680b79 Linux 5.15.177
448fe5a1a4b5 Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals
0bd4efe3226d xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
c3d052cae566 net: fix data-races around sk->sk_forward_alloc
198b89dd5a59 scsi: sg: Fix slab-use-after-free read in sg_release()
9a4d196e8a5e x86/xen: fix SLS mitigation in xen_hypercall_iret()
167cbd3e5268 nfsd: add list_head nf_gc to struct nfsd_file
e43dd28405e6 ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
6486915fa661 vsock/virtio: discard packets if the transport changes
8a07350fe070 blk-cgroup: Fix UAF in blkcg_unpin_online()
e667d5d566a2 Revert "regmap: detach regmap from dev on regmap_exit"
d8ebb991790f Revert "drm/amdgpu: rework resume handling for display (v2)"
7a07fb80ea88 iio: adc: rockchip_saradc: fix information leak in triggered buffer
b5c2c988cb6a iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
96ac1454f343 iio: imu: inv_icm42600: fix spi burst write not supported
39f320df3537 Revert "PCI: Use preserve_config in place of pci_flags"
ac3dd2497e6e drm/i915/fb: Relax clear color alignment to 64 bytes
15b453db41d3 hrtimers: Handle CPU state correctly on hotplug
59472bf85a3c irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
2d008d4961b0 gpiolib: cdev: Fix use after free in lineinfo_changed_notify
649b266606bc fs/proc: fix softlockup in __read_vmcore (part 2)
64e5fd96330d filemap: avoid truncating 64-bit offset to 32 bits
9e5fed46ccd2 vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
a4606b774de2 vsock: reset socket state when de-assigning the transport
048dbd2b5b85 vsock/virtio: cancel close work in the destructor
92f1b7930f13 net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
aba13043e628 x86/asm: Make serialize() always_inline
612269eb3f8f nvmet: propagate npwg topology
7df94f7f9e22 poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll()
1c878c5527e1 ACPI: resource: acpi_dev_irq_override(): Check DMI match last
a592ce58ca78 kheaders: Ignore silly-rename files
2d1a5a595bf2 fs: fix missing declaration of init_files
87e207b6aa93 hfs: Sanity check the root record
80aee0bc0dbe mac802154: check local interfaces before deleting sdata list
c5f1bc1d2324 i2c: rcar: fix NACK handling when being a target
6c6e0961ccfd i2c: mux: demux-pinctrl: check initial mux selection, too
37c63955ca68 Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
2f176c0ec9f5 hwmon: (tmp513) Fix division of negative numbers
14e0a874488e drm/v3d: Ensure job pointer is set to NULL after job completion
83775c9a9a65 net/mlx5: Fix RDMA TX steering prio
a04effa1b79f net/mlx5: Refactor mlx5_get_flow_namespace
ef6bb594598b net/mlx5: Add priorities for counters in RDMA namespaces
3cc3575223c6 net: xilinx: axienet: Fix IRQ coalescing packet count overflow
fdfe7ef525ad nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
036f8d814a2c gtp: Destroy device along with udp socket's netns dismantle.
ed8be92df48d gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
a111a7487f65 gtp: use exit_batch_rtnl() method
041325b73abc net: add exit_batch_rtnl() method
3450092cc2d1 pktgen: Avoid out-of-bounds access in get_imix_entries
0ab52a8ca6e1 bpf: Fix bpf_sk_select_reuseport() memory leak
9bb26176fba5 net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
9f15cd4174d0 phy: usb: Fix clock imbalance for suspend/resume
795537eb2af1 phy: usb: Use slow clock for wake enabled suspend
88b01048f286 mptcp: fix TCP options overflow.
05ba00d97bb4 mptcp: drop port parameter of mptcp_pm_add_addr_signal
f44e6d70c100 ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
86f8046aa649 ocfs2: correct return value of ocfs2_local_free_info()
0552befaccd8 phy: usb: Toggle the PHY power during init
d0178cb2ccea phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers
b2cec0d8f676 of: address: Preserve the flags portion on 1:1 dma-ranges mapping
6a7832e332d9 of: address: Store number of bus flag cells rather than bool
1b868ff7950b of: address: Remove duplicated functions
19ec883a51bd of: address: Fix address translation when address-size is greater than 2
b3f6bed9bf61 of/address: Add support for 3 address cell bus
bce3629a9e53 of: unittest: Add bus address range parsing tests
437b875e7389 arm64: dts: rockchip: add hevc power domain clock to rk3328
f587c1ac6895 block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
e43dfc4a9c15 iio: adc: ad7124: Disable all channels at probe time
d83ccca9e17e iio: inkern: call iio_device_put() only on mapped devices
028a1ba8e3ba iio: adc: at91: call input_free_device() on allocated iio_dev
060214459b63 iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
c31009d2bd49 iio: gyro: fxas21002c: Fix missing data update in trigger handler
aae967380068 iio: adc: ti-ads8688: fix information leak in triggered buffer
a07f69808441 iio: imu: kmx61: fix information leak in triggered buffer
cb488706cdec iio: light: vcnl4035: fix information leak in triggered buffer
006073761888 iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
64a989aa7475 iio: pressure: zpa2326: fix information leak in triggered buffer
19fc1c83454c usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
d9d18e2011c1 usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
7cdb2d0f1af9 usb: fix reference leak in usb_new_device()
162428a00a0c USB: core: Disable LPM only for non-suspended ports
8309c947b208 USB: usblp: return error when setting unsupported protocol
d2de56cc45ee usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null
1c7818e2746e topology: Keep the cpumask unchanged when printing cpumap
85b8a1a3176d usb: dwc3: gadget: fix writing NYET threshold
7f626e8e148c USB: serial: cp210x: add Phoenix Contact UPS Device
2165ef034891 usb-storage: Add max sectors quirk for Nokia 208
2748a203e098 staging: iio: ad9832: Correct phase range check
e299dcbfc039 staging: iio: ad9834: Correct phase range check
98645eac8ed4 USB: serial: option: add Neoway N723-EA support
f072315c5d41 USB: serial: option: add MeiG Smart SRM815
203f38eb72f2 md/raid5: fix atomicity violation in raid5_cache_count
3b930badf88d scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity
1e5cc8d5b121 drm/amd/display: increase MAX_SURFACES to the value supported by hw
dd3f23919b4d ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
21db38809fb8 ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
10c24df2e303 riscv: Fix sleeping in invalid context in die()
95793f9684e5 drm/amd/display: Add check for granularity in dml ceil/floor helpers
1dc5da6c4178 sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
0a0966312ac3 sctp: sysctl: udp_port: avoid using current->nsproxy
bd2a29394235 sctp: sysctl: auth_enable: avoid using current->nsproxy
0f78f0946674 sctp: sysctl: rto_min/max: avoid using current->nsproxy
86ddf8118123 sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
e52a55ec2d1f dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
802666a40c71 dm thin: make get_first_thin use rcu-safe list first function
7cb3e77e9b4e afs: Fix the maximum cell name length
781c743e18bf ksmbd: fix a missing return value check bug
e719611285cd drm/mediatek: Add support for 180-degree rotation in the display driver
b1b2353d768f netfilter: conntrack: clamp maximum hashtable size to INT_MAX
2f2c1ce86708 netfilter: nf_tables: imbalance in flowtable binding
6d6ce5f75d0e tls: Fix tls_sw_sendmsg error handling
8fe5fcf25438 cxgb4: Avoid removal of uninserted tid
0cfe1297df07 bnxt_en: Fix possible memory leak when hwrm_req_replace fails
a313d6e6d5f3 net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
10923508eb77 tcp/dccp: allow a connection when sk_max_ack_backlog is zero
bcd1557f1d38 tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
e67fff8fd12c net: 802: LLC+SNAP OID:PID lookup on start of skb data
8cc8bdfbe065 ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
294b9826da0e ASoC: mediatek: disable buffer pre-allocation
1f94fe692b7e exfat: fix the infinite loop in __exfat_free_cluster()
28c21f0ac529 exfat: fix the infinite loop in exfat_readdir()
3995b25d000c dm array: fix cursor index when skipping across block boundaries
c850ddd1e1d8 dm array: fix unreleased btree blocks on closing a faulty array cursor
738994872d77 dm array: fix releasing a faulty array block twice in dm_array_cursor_end
6029c4240529 jbd2: flush filesystem device before updating tail sequence
d42ad3f161a5 ceph: give up on paths longer than PATH_MAX
b5d500042eb3 usb: hcd-pci: remove the action of faking interrupt request
6f0605db50e2 clk: imx: Add check for kcalloc
5b837b9e1543 bpf: Fix the indention issue in grow_stack_state()
42b62697634d cifs: Fix the calling of smb_version_operations::calc_smb_size()
b14acf729e9d f2fs: Add inline to f2fs_build_fault_attr() stub
7c317bec311f f2fs: check validation of fault attrs in f2fs_build_fault_attr()
81c12119c23f bpf: Fix accesses to uninit stack slots [ Upstream commit 6b4a64bafd107e521c01eec3453ce94a3fb38529 ]
c4fa05422d87 smb: client: fix potential OOB in smb2_dump_detail()
299ef3b5b00b of: module: add buffer overflow check in of_modalias()
b8086c3c1548 reiserfs: Avoid touching renamed directory if parent does not change
ea091017ef62 ipv6: Fix data races around sk->sk_prot.
ff8710da80ee ipv6: annotate some data-races around sk->sk_prot
e8c2eafaaa6a tcp: Fix data races around icsk->icsk_af_ops.
8d1bab770956 locking/rwsem: Disable preemption while trying for rwsem lock
7c82dac02886 block, loop: support partitions without scanning
45f504f301d4 bpftool: Fix pretty print dump for maps without BTF loaded
1f24338cb789 jbd2: Drop the merge conflicted hunk
e1d0e3c51bde tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
1abe841fe331 tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
6224acfc1d56 tpm: Add flag to use default cancellation policy
1cd19d48fb90 tpm: tis_i2c: Fix sanity check interrupt enable mask
a883da132fa8 tpm: Add tpm_tis_i2c backend for tpm_tis_core
a742ac8a1c51 tpm: Add tpm_tis_verify_crc to the tpm_tis_phy_ops protocol layer
ef495c5f45f2 tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops
1f3be2e23aa6 gcc-plugins: Reorganize gimple includes for GCC 13
24615a3b932a ata: ahci: fix enum constants for gcc-13
5d6cb145541a net: stmmac: Enable mac_managed_pm phylink config
fd93aabb4287 tools/resolve_btfids: Use pkg-config to locate libelf
130f9da78406 tools/resolve_btfids: Build with host flags
00f2f1a782f9 tools/resolve_btfids: Support cross-building the kernel with clang
17776a4ba9c2 tools/resolve_btfids: Install libbpf headers when building
7c9808380d70 libbpf: Make libbpf_version.h non-auto-generated
37ae1ba791ac libbpf: Add LIBBPF_DEPRECATED_SINCE macro for scheduling API deprecations
a2667e6d7314 drm/radeon: free iio for atombios when driver shutdown
f100c753aa1f powerpc: Fix reschedule bug in KUAP-unlocked user copy
da5513f30187 libbpf: Fix build warning on ref_ctr_off
4c5a089621a8 perf python: Account for multiple words in CC
1c5699ee85d4 fs: move S_ISGID stripping into the vfs_*() helpers
838f5d0701d8 fs: add mode_strip_sgid() helper
d97172683641 squashfs: provide backing_dev_info in order to disable read-ahead
ed037d7be40c irq_work: use kasan_record_aux_stack_noalloc() record callstack
1363bd7dbde3 ixgbevf: add disable link state
e5601ae2bd24 ixgbe: add improvement for MDD response functionality
caa57cd80575 ixgbe: add the ability for the PF to disable VF link state
16a77bfcc7df Check /dev/console using init_stat()
04574fd5579a tracing/arm: Have max stack tracer handle the case of return address after data
0e51e5717018 gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
1e6b7da6ddba drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
493160901320 mtd_blkdevs: add mtd_table_mutex lock back to blktrans_{open, release} to avoid race condition
04224f725aa3 irqchip/gic-v3-its: Skip HP notifier when no ITS is registered
6f6c2996a81c irqchip/gic-v3-its: Postpone LPI pending table freeing and memreserve
1fa94473423f irqchip/gic-v3-its: Give the percpu rdist struct its own flags field
6013d1ae5feb cert host tools: Stop complaining about deprecated OpenSSL functions
efe20512212b init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
a40d2daf2795 pnmtologo: use relocatable file name
3b40d5b41155 of: configfs: remove unused variable overlay_lock
6c085baf1838 tools: use basename to identify file in gen-mach-types
2fca0fd71981 lib/build_OID_registry: fix reproducibility issues
0f586f4ee8ad vt/conmakehash: improve reproducibility
a75774679f28 OF: DT-Overlay configfs interface (v8)
d179c639b30b x86/boot: Wrap literal addresses in absolute_pointer()
856ec356cf91 ACPI: thermal: drop an always true check
7614af249993 xfs: Fix -Werror=dangling-pointer work-around for older GCC
41470215f97e xfs: Work around GCC 12 -Werror=dangling-pointer for xfs_attr_remote.o
44a445c1922d virtio-pci: Remove wrong address verification in vp_del_vqs()
77aa9e489eaf bpf: Disallow unprivileged bpf by default
ebfb1822e9f9 fs/aufs: fixup 5.15.36 fixups
4eba9348d3e2 Revert "Revert "fbdev: Hot-unplug firmware fb devices on forced removal""
5df6d1b00f95 jbd2: fix use-after-free of transaction_t race
2d83e8196487 jbd2: refactor wait logic for transaction updates into a common function
07a63f760793 netfilter: conntrack: avoid useless indirection during conntrack destruction
4e7122625996 Revert "fbdev: Hot-unplug firmware fb devices on forced removal"
7ba4cb36fd4f rcu: Avoid alloc_pages() when recording stack
f78574dee71e kasan: test: silence intentional read overflow warnings
d313cb89b6b1 kasan: arm64: fix pcpu_page_first_chunk crash with KASAN_VMALLOC
5e279d5647cc arm64: support page mapping percpu first chunk allocator
e5bf16752dca vmalloc: choose a better start address in vm_area_register_early()
660b3d21b46f kasan: test: bypass __alloc_size checks
00aa7573e53a kasan: test: add memcpy test that avoids out-of-bounds write
67becf0b1bd4 kasan: fix tag for large allocations when using CONFIG_SLAB
bedf1e033213 workqueue, kasan: avoid alloc_pages() when recording stack
7195b67ce69b kasan: generic: introduce kasan_record_aux_stack_noalloc()
bdff763f0e29 kasan: common: provide can_alloc in kasan_save_stack()
51423ebb36ad lib/stackdepot: introduce __stack_depot_save()
85373e66d847 lib/stackdepot: remove unused function argument
5b6cc9b251f3 lib/stackdepot: include gfp.h
c9f3902d8069 aufs: reduce overhead for "code present but disabled" use case.
b98d189df02c aufs: bugfix, umount passes NULL to ->parse_monolithic()
13b883cbbbd9 aufs standalone: cosmetic, missing copyright sentence
21f8b0d81898 aufs: 5.15.5-20220117 ---> 5.15.5-20220221
6199fd896645 aufs: tiny, headers after fs_context
8ddb40e31c29 aufs: fs_context 7/7, finally remount
69035f71c6fd aufs: fs_context 6/7, now mount
bc841b970697 aufs: fs_context 5/7, parse all other mount options
435188053da2 aufs: fs_context 4/7, parse xino options
9af1f1825cbd aufs: fs_context 3/7, parse the branch-management options
1c05eb767f8c aufs: fs_context 2/7, parse "br" mount option
a8488f603134 aufs: fs_context 1/7, skelton of the new shceme
8e32e0015564 aufs: pre fs_context, convert a static flag to a macro
f90cb4144aec aufs: pre fs_context, support the incomplete sb and sbinfo case
948762ef859c aufs: pre fs_context, convert the type of alloc_sbinfo()
77151a08776b aufs: 5.15.5-20211129 ---> 5.15.5-20220117
2539adbbbe1e aufs: 5.14-20211018 ---> 5.15.5-20211129
7d32b25193c4 aufs: for v5.15-rc1, sync_inode() is gone
66ec0c509225 aufs: for v5.15-rc1, new param 'rcu' for ->get_acl()
69709dc518cd aufs: for v5.15-rc1, no mand-lock anymore
ada8fe9543e5 aufs: 5.14-20210906 ---> 5.14-20211018
b77f7f3f394a Revert "aufs: adjust to v5.15 fs changes"
81bdce5b5876 tick/nohz: WARN_ON --> WARN_ON_ONCE to prevent console saturation
97c963889222 sched/isolation: really align nohz_full with rcu_nocbs
871f23ad3627 Revert "ARM: defconfig: Enable ax88796c driver for Exynos boards"
ffad0783dd5b ARM: config: multi v7: Regenerate defconifg
5c1e1a1ff2d3 ARM: config: multi v7: Add renamed symbols
badaf96564fe ARM: config: multi v7: Clean up enabled by default options
34996040fc9b ARM: config: multi v7: Drop unavailable options
7f685244afb3 powerpc/mm: Switch obsolete dssall to .long
20301aeb1a64 riscv: fix build with binutils 2.38
9df58d070506 powerpc/lib/sstep: fix 'ptesync' build error
720b61fc400b x86_64_defconfig: Fix warnings
02bf23d26bc4 arm64: defconfig: cleanup config options
05914e2c87e5 arm: defconfig: drop unused POWER_AVS option
ffb532fa19b9 aufs5: fix build against v5.15.3+
a4b3abf4d96d qemux86: add configuration symbol to select values
fee94ee09154 clear_warn_once: add a clear_warn_once= boot parameter
3d8762d900d9 clear_warn_once: bind a timer to written reset value
95faacac47e8 clear_warn_once: expand debugfs to include read support
de20c4240018 perf: perf can not parser the backtrace of app in the 32bit system and 64bit kernel.
0e4aacead9c1 perf: x86-32: explicitly include <errno.h>
9ad92c11468e perf: mips64: Convert __u64 to unsigned long long
09e7efe3e68a perf: fix bench numa compilation
e79becc44fa6 perf: add SLANG_INC for slang.h
b1033b588681 perf: add sgidefs.h to for mips builds
cf9db484ac0b perf: change --root to --prefix for python install
7fd052c2c562 perf: add 'libperl not found' warning
27a437cdd469 perf: force include of <stdbool.h>
3b99d21bec2f fat: don't use obsolete random32 call in namei_vfat
a7e9293b506b FAT: Added FAT_NO_83NAME
6fd0e71d9e5c FAT: Add CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES option
c379b0d324ae FAT: Add CONFIG_VFAT_FS_NO_DUALNAMES option
538be0fdb124 aufs: adjust to v5.15 fs changes
f45da75c8759 aufs5: core
047f57e07e01 aufs5: standalone
029fc15574c8 aufs5: mmap
610d0192ee94 aufs5: base
d4e428d0ec5f aufs5: kbuild
eb067eca251a yaffs: replace IS_ERR with IS_ERR_OR_NULL to check both ERR and NULL
286af18d0875 yaffs: fix -Wstringop-overread compile warning in yaffs_fix_null_name
24d59a4e26a6 yaffs2: v5.12+ build fixups (not runtime tested)
22c73536d5d7 yaffs: include blkdev.h
506b7251bfb8 yaffs: fix misplaced variable declaration
a0e26ff364dc yaffs2: v5.6 build fixups
b10b1b2d169e yaffs2: fix memory leak when /proc/yaffs is read
ad9adccbb214 yaffs: add strict check when call yaffs_internal_read_super
2e3c3aec8279 yaffs: repair yaffs_get_mtd_device
d662538516a7 yaffs: Fix build failure by handling inode i_version with proper atomic API
70a6113ee2c7 yaffs2: fix memory leak in mount/umount
3378e4a9e404 yaffs: Avoid setting any ACL releated xattr
ec2284edddef Yaffs:check oob size before auto selecting Yaffs1
c2a49874051c fs: yaffs2: replace CURRENT_TIME by other appropriate apis
e9a5105a3e73 yaffs2: adjust to proper location of MS_RDONLY
608807406f13 yaffs2: import git revision b4ce1bb (jan, 2020)
89e660ece42c initramfs: allow an optional wrapper script around initramfs generation
b179dbc9aa10 iwlwifi: select MAC80211_LEDS conditionally
3fd5ca3673d0 net/dccp: make it depend on CONFIG_BROKEN (CVE-2020-16119)
d1f6edbf0188 arm64/perf: Fix wrong cast that may cause wrong truncation
d202fb2caf33 defconfigs: drop obselete options
9a27e3b5f4e7 arm64/perf: fix backtrace for AAPCS with FP enabled
e20d8cf019b4 linux-yocto: Handle /bin/awk issues
b6d2a3dbbd3a uvesafb: provide option to specify timeout for task completion
adb40f1e6a1a uvesafb: print error message when task timeout occurs
f280a1ed0962 compiler.h: Undef before redefining __attribute_const__
4352732f268c vmware: include jiffies.h
7954a677968d Resolve jiffies wrapping about arp
5f28a1035d95 nfs: Allow default io size to be configured.
0d7260ad7106 check console device file on fs when booting
900a12e37e0a mount_root: clarify error messages for when no rootfs found
7b878cbea726 menuconfig,mconf-cfg: Allow specification of ncurses location
6604fc1763b3 modpost: mask trivial warnings
0d294adb09cb kbuild: exclude meta directory from distclean processing
a097cdd95a9e powerpc: serialize image targets
5db6ec39a0a3 arm: serialize build targets
cbabca27905e crtsavres: fixups for 5.4+
7fc7656ed403 powerpc/ptrace: Disable array-bounds warning with gcc8
a5faac5a19a2 powerpc: Disable attribute-alias warnings from gcc8
186c54665b67 powerpc: add crtsavres.o to archprepare for kbuild
d1ea862964ca powerpc: kexec fix for powerpc64
2ac35b89a0f9 powerpc: Add unwind information for SPE registers of E500 core
2e1c348a28bb mips: vdso: fix 'jalr $t9' crash in vdso code
ec57870b303a mips: Kconfig: add QEMUMIPS64 option
6a81b3c08107 4kc cache tlb hazard: tlbp cache coherency
74e3b2a21e54 malta uhci quirks: make allowance for slow 4k(e)c
22e65b63d3b4 arm/Makefile: Fix systemtap
b7f1ab59f19e vexpress: Pass LOADADDR to Makefile
ce2800c73bf7 arm: ARM EABI socketcall
019d142fd956 ARM: LPAE: Invalidate the TLB for module addresses during translation fault
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 1e67936da0..2d78db3fdc 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "24252937d6ebfe59470a427ef4f05d4ee7381491"
-SRCREV_meta ?= "b6e2c0d16d49638d30461ce4f832af9bf0608d05"
+SRCREV_machine ?= "e7c2ec263d8c16095369ddd7523a9514aeff11e8"
+SRCREV_meta ?= "853814dcf5cf386ac47bcc85ef384d2055c8a4e7"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.176"
+LINUX_VERSION ?= "5.15.178"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 563db2fab6..d9745fd21f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.176"
+LINUX_VERSION ?= "5.15.178"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "c90e38bc5ace7a98431d67a23e8b46555fe9d3a3"
-SRCREV_meta ?= "b6e2c0d16d49638d30461ce4f832af9bf0608d05"
+SRCREV_machine ?= "ac353b3cfa6ce5383c90fa9f3dc742fac5ee5ea4"
+SRCREV_meta ?= "853814dcf5cf386ac47bcc85ef384d2055c8a4e7"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index c345f7046f..8759b69c37 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "fa2dd80d85802957a32c8496321f6e49b2f015ac"
-SRCREV_machine:qemuarm64 ?= "accf953d2129f53a7ea1de535bfedfdd55de3556"
-SRCREV_machine:qemumips ?= "cf74a6b6fe7f2a268b40250f134aa1ce094edd77"
-SRCREV_machine:qemuppc ?= "0cb9b5d87e992246e1dda20cebbfc3213b54259d"
-SRCREV_machine:qemuriscv64 ?= "aa5d0061f3fdccec608f50597c50027e684205c5"
-SRCREV_machine:qemuriscv32 ?= "aa5d0061f3fdccec608f50597c50027e684205c5"
-SRCREV_machine:qemux86 ?= "aa5d0061f3fdccec608f50597c50027e684205c5"
-SRCREV_machine:qemux86-64 ?= "aa5d0061f3fdccec608f50597c50027e684205c5"
-SRCREV_machine:qemumips64 ?= "178c81e8a265eac651802a645b95b2b818fd6abc"
-SRCREV_machine ?= "aa5d0061f3fdccec608f50597c50027e684205c5"
-SRCREV_meta ?= "b6e2c0d16d49638d30461ce4f832af9bf0608d05"
+SRCREV_machine:qemuarm ?= "31fa49dbe9f3a64362078de6b59da96afcad718f"
+SRCREV_machine:qemuarm64 ?= "e46eb0a3250c9a5ee8ebea25a80298f693ae691c"
+SRCREV_machine:qemumips ?= "539bfe9f18782440707e86df545a47f425208797"
+SRCREV_machine:qemuppc ?= "c26ce5169b6964dcdafb09b4528c47b378f94528"
+SRCREV_machine:qemuriscv64 ?= "9026df72c466542d6a1592bdc12c9c8dfa54dd33"
+SRCREV_machine:qemuriscv32 ?= "9026df72c466542d6a1592bdc12c9c8dfa54dd33"
+SRCREV_machine:qemux86 ?= "9026df72c466542d6a1592bdc12c9c8dfa54dd33"
+SRCREV_machine:qemux86-64 ?= "9026df72c466542d6a1592bdc12c9c8dfa54dd33"
+SRCREV_machine:qemumips64 ?= "d633d7d27475d3615f5a33467c04b0b0cb14517c"
+SRCREV_machine ?= "9026df72c466542d6a1592bdc12c9c8dfa54dd33"
+SRCREV_meta ?= "853814dcf5cf386ac47bcc85ef384d2055c8a4e7"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "4735586da88ed2254ada53bbe19ce4fe968a1e7b"
+SRCREV_machine:class-devupstream ?= "c16c81c81336c0912eb3542194f16215c0a40037"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.176"
+LINUX_VERSION ?= "5.15.178"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.43.0
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 4/7] glibc: Suppress GCC -Os warning on user2netname for sunrpc
2025-02-12 14:21 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
` (2 preceding siblings ...)
2025-02-12 14:21 ` [OE-core][kirkstone 3/7] linux-yocto/5.15: update to v5.15.178 Steve Sakoman
@ 2025-02-12 14:21 ` Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 5/7] rust-common.bbclass: soft assignment for RUSTLIB path Steve Sakoman
` (2 subsequent siblings)
6 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-02-12 14:21 UTC (permalink / raw)
To: openembedded-core
From: Nikhil R <nikhilr5@kpit.com>
When building with GCC -Os, a warning is triggered indicating that sprintf might overflow.
Error:
netname.c: In function 'user2netname':
netname.c:51:28: error: '%s' directive writing up to 255 bytes into a
region of size between 239 and 249 [-Werror=format-overflow=]
51 | sprintf (netname, "%s.%d@%s", OPSYS, uid, dfltdom);
| ^~ ~~~~~~~
netname.c:51:3: note: 'sprintf' output between 8 and 273 bytes into a
destination of size 256
51 | sprintf (netname, "%s.%d@%s", OPSYS, uid, dfltdom);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
However the code does test prior the sprintf call that dfltdom plus
the required extra space for OPSYS, uid, and extra character will not
overflow and return 0 instead.
Upstream-patch: https://github.com/bminor/glibc/commit/6128e82ebe973163d2dd614d31753c88c0c4d645
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
Signed-off-by: Nikhil R <nikhilr5@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...press-gcc-os-warning-on-user2netname.patch | 61 +++++++++++++++++++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
2 files changed, 62 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch
diff --git a/meta/recipes-core/glibc/glibc/0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch b/meta/recipes-core/glibc/glibc/0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch
new file mode 100644
index 0000000000..7068a81518
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch
@@ -0,0 +1,61 @@
+From 6128e82ebe973163d2dd614d31753c88c0c4d645 Mon Sep 17 00:00:00 2001
+From: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
+Date: Wed, 21 Sep 2022 10:51:07 -0300
+Subject: [PATCH] sunrpc: Suppress GCC -Os warning on user2netname
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+GCC with -Os warns that sprint might overflow:
+
+ netname.c: In function ‘user2netname’:
+ netname.c:51:28: error: ‘%s’ directive writing up to 255 bytes into a
+ region of size between 239 and 249 [-Werror=format-overflow=]
+ 51 | sprintf (netname, "%s.%d@%s", OPSYS, uid, dfltdom);
+ | ^~ ~~~~~~~
+ netname.c:51:3: note: ‘sprintf’ output between 8 and 273 bytes into a
+ destination of size 256
+ 51 | sprintf (netname, "%s.%d@%s", OPSYS, uid, dfltdom);
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ cc1: all warnings being treated as errors
+
+However the code does test prior the sprintf call that dfltdom plus
+the required extra space for OPSYS, uid, and extra character will not
+overflow and return 0 instead.
+
+Checked on x86_64-linux-gnu and i686-linux-gnu.
+Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+Tested-by: Carlos O'Donell <carlos@redhat.com>
+
+Upstream-Status: Backport [https://github.com/bminor/glibc/commit/6128e82ebe973163d2dd614d31753c88c0c4d645]
+Signed-off-by: nikhil <nikhil.r@kpit.com>
+
+---
+ sunrpc/netname.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/sunrpc/netname.c b/sunrpc/netname.c
+index bf7f0b81c43..c1d1c43e502 100644
+--- a/sunrpc/netname.c
++++ b/sunrpc/netname.c
+@@ -20,6 +20,7 @@
+ #include <string.h>
+ #include <rpc/rpc.h>
+ #include <shlib-compat.h>
++#include <libc-diag.h>
+
+ #include "nsswitch.h"
+
+@@ -48,7 +49,12 @@ user2netname (char netname[MAXNETNAMELEN + 1], const uid_t uid,
+ if ((strlen (dfltdom) + OPSYS_LEN + 3 + MAXIPRINT) > (size_t) MAXNETNAMELEN)
+ return 0;
+
++ /* GCC with -Os warns that sprint might overflow while handling dfltdom,
++ however the above test does check if an overflow would happen. */
++ DIAG_PUSH_NEEDS_COMMENT;
++ DIAG_IGNORE_Os_NEEDS_COMMENT (8, "-Wformat-overflow");
+ sprintf (netname, "%s.%d@%s", OPSYS, uid, dfltdom);
++ DIAG_POP_NEEDS_COMMENT;
+ i = strlen (netname);
+ if (netname[i - 1] == '.')
+ netname[i - 1] = '\0';
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index 9400e1e920..d9cae79ac2 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -64,6 +64,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
\
file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \
+ file://0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"
--
2.43.0
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 5/7] rust-common.bbclass: soft assignment for RUSTLIB path
2025-02-12 14:21 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
` (3 preceding siblings ...)
2025-02-12 14:21 ` [OE-core][kirkstone 4/7] glibc: Suppress GCC -Os warning on user2netname for sunrpc Steve Sakoman
@ 2025-02-12 14:21 ` Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 6/7] python3: Treat UID/GID overflow as failure Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 7/7] cmake: apply parallel build settings to ptest tasks Steve Sakoman
6 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-02-12 14:21 UTC (permalink / raw)
To: openembedded-core
From: Pedro Ferreira <Pedro.Silva.Ferreira@criticaltechworks.com>
As a user i want to override `RUSTLIB` path on a bbclass, lets
call it `XYZ.bbclass`.
If a certain recipe inherits `cargo.bbclass` and `XYZ.bbclass` the
value of `RUSTLIB` is dependent on the order of the inherit.
If `cargo.bbclass` is inherit before `XYZ.bbclass` this will reflect
the desired value of `RUSTLIB`, on the oposite, if the `XYZ.bbclass`
is inherit before `cargo.bbclass` then the `RUSTLIB` defined on
`rust-common.bbclass` will prevail.
Changed definition of `RUSTLIB` to soft assignment to make it overridable.
Signed-off-by: Pedro Silva Ferreira <Pedro.Silva.Ferreira@criticaltechworks.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(cherry picked from commit 6eeb832f73ffb48f5f05dc47191f60e4599e640f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/rust-common.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/rust-common.bbclass b/meta/classes/rust-common.bbclass
index cb811ac5da..1c34d4c8b9 100644
--- a/meta/classes/rust-common.bbclass
+++ b/meta/classes/rust-common.bbclass
@@ -6,7 +6,7 @@ FILES:${PN} += "${rustlibdir}/*.so"
FILES:${PN}-dev += "${rustlibdir}/*.rlib ${rustlibdir}/*.rmeta"
FILES:${PN}-dbg += "${rustlibdir}/.debug"
-RUSTLIB = "-L ${STAGING_LIBDIR}/rust"
+RUSTLIB ?= "-L ${STAGING_LIBDIR}/rust"
RUST_DEBUG_REMAP = "--remap-path-prefix=${WORKDIR}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}"
RUSTFLAGS += "${RUSTLIB} ${RUST_DEBUG_REMAP}"
RUSTLIB_DEP ?= "libstd-rs"
--
2.43.0
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 6/7] python3: Treat UID/GID overflow as failure
2025-02-12 14:21 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
` (4 preceding siblings ...)
2025-02-12 14:21 ` [OE-core][kirkstone 5/7] rust-common.bbclass: soft assignment for RUSTLIB path Steve Sakoman
@ 2025-02-12 14:21 ` Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 7/7] cmake: apply parallel build settings to ptest tasks Steve Sakoman
6 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-02-12 14:21 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
This fixes ptest failures on 32bit architectures
AssertionError:
Failed ptests:
{'python3': ['test_extractall_none_gid',
'test_extractall_none_gname',
'test_extractall_none_mode',
'test_extractall_none_mtime',
'test_extractall_none_uid',
'test_extractall_none_uname',
'setUpClass',
'python3']}
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 43104b547cb79693c83df0882773ae8dd74b1d35)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...e-treat-overflow-in-UID-GID-as-failu.patch | 40 +++++++++++++++++++
.../python/python3_3.10.16.bb | 1 +
2 files changed, 41 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
diff --git a/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
new file mode 100644
index 0000000000..88b84c6024
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
@@ -0,0 +1,40 @@
+From 999d4e74d34afa233ad8ad0c70b989d77a21957f Mon Sep 17 00:00:00 2001
+From: Petr Viktorin <encukou@gmail.com>
+Date: Wed, 23 Aug 2023 20:00:07 +0200
+Subject: [PATCH] gh-107811: tarfile: treat overflow in UID/GID as failure to
+ set it (#108369)
+
+Upstream-Status: Backport [https://github.com/python/cpython/pull/108369]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ Lib/tarfile.py | 3 ++-
+ .../Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst | 3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst
+
+diff --git a/Lib/tarfile.py b/Lib/tarfile.py
+index 3bbbcaa..473167d 100755
+--- a/Lib/tarfile.py
++++ b/Lib/tarfile.py
+@@ -2557,7 +2557,8 @@ class TarFile(object):
+ os.lchown(targetpath, u, g)
+ else:
+ os.chown(targetpath, u, g)
+- except OSError as e:
++ except (OSError, OverflowError) as e:
++ # OverflowError can be raised if an ID doesn't fit in `id_t`
+ raise ExtractError("could not change owner") from e
+
+ def chmod(self, tarinfo, targetpath):
+diff --git a/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst b/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst
+new file mode 100644
+index 0000000..ffca413
+--- /dev/null
++++ b/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst
+@@ -0,0 +1,3 @@
++:mod:`tarfile`: extraction of members with overly large UID or GID (e.g. on
++an OS with 32-bit :c:type:`!id_t`) now fails in the same way as failing to
++set the ID.
+--
+2.45.0
+
diff --git a/meta/recipes-devtools/python/python3_3.10.16.bb b/meta/recipes-devtools/python/python3_3.10.16.bb
index 19a85a8770..48f845b089 100644
--- a/meta/recipes-devtools/python/python3_3.10.16.bb
+++ b/meta/recipes-devtools/python/python3_3.10.16.bb
@@ -36,6 +36,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://deterministic_imports.patch \
file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
file://0001-test_storlines-skip-due-to-load-variability.patch \
+ file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \
"
SRC_URI:append:class-native = " \
--
2.43.0
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 7/7] cmake: apply parallel build settings to ptest tasks
2025-02-12 14:21 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
` (5 preceding siblings ...)
2025-02-12 14:21 ` [OE-core][kirkstone 6/7] python3: Treat UID/GID overflow as failure Steve Sakoman
@ 2025-02-12 14:21 ` Steve Sakoman
6 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-02-12 14:21 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
ptest compile and install tasks do not have parallel build settings for
cmake. On powerful build machines this can cause overload situations
and oomkills.
Observed when building qtgrpc with ptest generally enabled in distro.
Having this in ptest class is suboptimal, but creating ptest-cmake class
just for these two variables is probably overkill.
(From OE-Core rev: 3c311fbf0c2090268e9b83123d762b05b61b4074)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/cmake.bbclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/classes/cmake.bbclass b/meta/classes/cmake.bbclass
index 7ec6ca58fc..0c0d719829 100644
--- a/meta/classes/cmake.bbclass
+++ b/meta/classes/cmake.bbclass
@@ -62,6 +62,8 @@ EXTRA_OECMAKE:append = " ${PACKAGECONFIG_CONFARGS}"
export CMAKE_BUILD_PARALLEL_LEVEL
CMAKE_BUILD_PARALLEL_LEVEL:task-compile = "${@oe.utils.parallel_make(d, False)}"
CMAKE_BUILD_PARALLEL_LEVEL:task-install = "${@oe.utils.parallel_make(d, True)}"
+CMAKE_BUILD_PARALLEL_LEVEL:task-compile-ptest-base = "${@oe.utils.parallel_make(d, False)}"
+CMAKE_BUILD_PARALLEL_LEVEL:task-install-ptest-base = "${@oe.utils.parallel_make(d, True)}"
OECMAKE_TARGET_COMPILE ?= "all"
OECMAKE_TARGET_INSTALL ?= "install"
--
2.43.0
^ permalink raw reply related [flat|nested] 23+ messages in thread
* Patchtest results for [OE-core][kirkstone 2/7] linux-yocto/5.15: update to v5.15.176
2025-02-12 14:21 ` [OE-core][kirkstone 2/7] linux-yocto/5.15: update to v5.15.176 Steve Sakoman
@ 2025-02-12 15:18 ` patchtest
0 siblings, 0 replies; 23+ messages in thread
From: patchtest @ 2025-02-12 15:18 UTC (permalink / raw)
To: Steve Sakoman; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 3053 bytes --]
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch /home/patchtest/share/mboxes/kirkstone-2-7-linux-yocto-5.15-update-to-v5.15.176.patch
FAIL: test commit message user tags: Mbox includes one or more GitHub-style username tags. Ensure that any "@" symbols are stripped out of usernames (test_mbox.TestMbox.test_commit_message_user_tags)
PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files)
PASS: test CVE check ignore (test_metadata.TestMetadata.test_cve_check_ignore)
PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence)
PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files)
PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list)
SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint)
SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format)
SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence)
SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format)
SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence)
SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence)
---
Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2025-03-14 14:10 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-03-14 14:10 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, March 18
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1187
The following changes since commit 0216c229d5c60d0023b0a7d6e8ee41bdfa16f8ef:
tzcode-native: Fix compiler setting from 2023d version (2025-03-07 07:00:55 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Ashish Sharma (1):
ruby: Fix CVE-2025-27219
Divya Chellam (1):
vim: Upgrade 9.1.1043 -> 9.1.1115
Hitendra Prajapati (2):
grub: Fix multiple CVEs
grub: Fix multiple CVEs
Peter Marko (2):
puzzles: ignore three new CVEs for a different puzzles
libarchive: patch CVE-2025-25724
Zhang Peng (1):
mpg123: fix CVE-2024-10573
.../0001-misc-Implement-grub_strlcpy.patch | 68 ++
.../grub/files/CVE-2024-45774.patch | 40 +
.../grub/files/CVE-2024-45775.patch | 41 +
.../grub/files/CVE-2024-45776.patch | 42 +
.../grub/files/CVE-2024-45777.patch | 60 ++
.../files/CVE-2024-45778_CVE-2024-45779.patch | 58 ++
.../grub/files/CVE-2024-45780.patch | 96 ++
.../grub/files/CVE-2024-45781.patch | 38 +
.../files/CVE-2024-45782_CVE-2024-56737.patch | 39 +
.../grub/files/CVE-2024-45783.patch | 42 +
.../grub/files/CVE-2025-0622-01.patch | 39 +
.../grub/files/CVE-2025-0622-02.patch | 44 +
.../grub/files/CVE-2025-0622-03.patch | 41 +
.../grub/files/CVE-2025-0624.patch | 87 ++
...025-0685_CVE-2025-0686_CVE-2025-0689.patch | 380 +++++++
.../files/CVE-2025-0678_CVE-2025-1125.patch | 90 ++
.../grub/files/CVE-2025-0690.patch | 75 ++
.../grub/files/CVE-2025-1118.patch | 40 +
meta/recipes-bsp/grub/grub2.inc | 18 +
.../ruby/ruby/CVE-2025-27219.patch | 31 +
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 +
.../libarchive/CVE-2025-25724.patch | 40 +
.../libarchive/libarchive_3.6.2.bb | 1 +
.../mpg123/mpg123/CVE-2024-10573.patch | 978 ++++++++++++++++++
.../mpg123/mpg123_1.29.3.bb | 4 +-
meta/recipes-sato/puzzles/puzzles_git.bb | 2 +
meta/recipes-support/vim/vim.inc | 4 +-
27 files changed, 2396 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45774.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45775.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45776.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45777.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45780.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45781.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45783.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0624.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0690.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-1118.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27219.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-25724.patch
create mode 100644 meta/recipes-multimedia/mpg123/mpg123/CVE-2024-10573.patch
--
2.43.0
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2025-09-30 19:50 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-09-30 19:50 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone ande have comments back by
end of day Thursday, October 2
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2467
The following changes since commit d381eeb5e70bd0ce9e78032c909e4a23564f4dd7:
build-appliance-image: Update to kirkstone head revision (2025-09-19 07:04:23 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Divya Chellam (1):
vim: upgrade 9.1.1652 -> 9.1.1683
Gyorgy Sarvari (1):
libhandy: update git branch name
Praveen Kumar (1):
go: fix CVE-2025-47907
Soumya Sambu (1):
python3-jinja2: upgrade 3.1.4 -> 3.1.6
Yogita Urade (3):
grub2: fix CVE-2024-56738
curl: fix CVE-2025-9086
tiff: fix CVE-2025-9900
.../grub/files/CVE-2024-56738.patch | 75 ++++
meta/recipes-bsp/grub/grub2.inc | 1 +
meta/recipes-devtools/go/go-1.17.13.inc | 125 ++++---
.../go/go-1.21/CVE-2025-47907-pre-0001.patch | 354 ++++++++++++++++++
.../go/go-1.21/CVE-2025-47907-pre-0002.patch | 232 ++++++++++++
.../go/go-1.21/CVE-2025-47907.patch | 327 ++++++++++++++++
...inja2_3.1.4.bb => python3-jinja2_3.1.6.bb} | 5 +-
meta/recipes-gnome/libhandy/libhandy_1.5.0.bb | 2 +-
.../libtiff/tiff/CVE-2025-9900.patch | 57 +++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 +
.../curl/curl/CVE-2025-9086.patch | 55 +++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
meta/recipes-support/vim/vim.inc | 4 +-
13 files changed, 1174 insertions(+), 65 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-56738.patch
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47907-pre-0001.patch
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47907-pre-0002.patch
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47907.patch
rename meta/recipes-devtools/python/{python3-jinja2_3.1.4.bb => python3-jinja2_3.1.6.bb} (82%)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-9900.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2025-9086.patch
--
2.43.0
^ permalink raw reply [flat|nested] 23+ messages in thread
* [OE-core][kirkstone 0/7] Patch review
@ 2025-11-19 20:42 Steve Sakoman
0 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2025-11-19 20:42 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, November 21
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2748
The following changes since commit 8aad87c12a809d790175b9848f5802d0a28eecac:
goarch.bbclass: do not leak TUNE_FEATURES into crosssdk task signatures (2025-11-13 08:39:38 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Gyorgy Sarvari (1):
musl: patch CVE-2025-26519
Richard Purdie (1):
oe-build-perf-report: relax metadata matching rules
Soumya Sambu (2):
elfutils: Fix CVE-2025-1376
elfutils: Fix CVE-2025-1377
Vijay Anusuri (3):
xwayland: Fix for CVE-2025-62229
xwayland: Fix for CVE-2025-62230
xwayland: Fix for CVE-2025-62231
.../musl/musl/CVE-2025-26519-1.patch | 39 ++++++++
.../musl/musl/CVE-2025-26519-2.patch | 38 ++++++++
meta/recipes-core/musl/musl_git.bb | 4 +-
.../elfutils/elfutils_0.186.bb | 2 +
.../elfutils/files/CVE-2025-1376.patch | 58 ++++++++++++
.../elfutils/files/CVE-2025-1377.patch | 68 ++++++++++++++
.../xwayland/xwayland/CVE-2025-62229.patch | 89 ++++++++++++++++++
.../xwayland/xwayland/CVE-2025-62230-1.patch | 63 +++++++++++++
.../xwayland/xwayland/CVE-2025-62230-2.patch | 92 +++++++++++++++++++
.../xwayland/xwayland/CVE-2025-62231.patch | 53 +++++++++++
.../xwayland/xwayland_22.1.8.bb | 4 +
scripts/lib/build_perf/report.py | 9 +-
12 files changed, 515 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-2.patch
create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1376.patch
create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-2.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch
--
2.43.0
^ permalink raw reply [flat|nested] 23+ messages in thread
end of thread, other threads:[~2025-11-19 20:42 UTC | newest]
Thread overview: 23+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-12 14:21 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 1/7] go: Fix CVE-2024-45336 Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 2/7] linux-yocto/5.15: update to v5.15.176 Steve Sakoman
2025-02-12 15:18 ` Patchtest results for " patchtest
2025-02-12 14:21 ` [OE-core][kirkstone 3/7] linux-yocto/5.15: update to v5.15.178 Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 4/7] glibc: Suppress GCC -Os warning on user2netname for sunrpc Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 5/7] rust-common.bbclass: soft assignment for RUSTLIB path Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 6/7] python3: Treat UID/GID overflow as failure Steve Sakoman
2025-02-12 14:21 ` [OE-core][kirkstone 7/7] cmake: apply parallel build settings to ptest tasks Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-11-19 20:42 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
2025-09-30 19:50 Steve Sakoman
2025-03-14 14:10 Steve Sakoman
2024-12-11 14:47 Steve Sakoman
2024-08-30 12:52 Steve Sakoman
2024-07-04 12:32 Steve Sakoman
2024-05-30 18:37 Steve Sakoman
2024-04-17 20:35 Steve Sakoman
2024-02-06 15:45 Steve Sakoman
2024-01-17 15:58 Steve Sakoman
2023-11-08 22:52 Steve Sakoman
2023-10-30 2:20 Steve Sakoman
2023-04-15 15:26 Steve Sakoman
2022-08-04 14:06 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox