Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:
cf13ba74e8eb Linux 5.10.206
2df1e1887c68 spi: atmel: Fix PDC transfer setup bug
2a0a658ed6ef Bluetooth: SMP: Fix crash when receiving new connection when debug is enabled
ecd50f820d86 Revert "MIPS: Loongson64: Enable DMA noncoherent support"
9175341bd80b dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata()
73117ea03363 netfilter: nf_tables: skip set commit for deleted/destroyed sets
8bf79dec73fe tracing: Fix blocked reader of snapshot buffer
0afe42022865 ring-buffer: Fix wake ups when buffer_percent is set to 100
9db5239d7533 scsi: core: Always send batch on reset or error handling command
f2d30198c053 scsi: core: Use a structure member to track the SCSI command submitter
df83ca8e986d scsi: core: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
d054858a9c9e scsi: core: Make scsi_get_lba() return the LBA
f230e6d4249b scsi: core: Introduce scsi_get_sector()
294d66c35a4e scsi: core: Add scsi_prot_ref_tag() helper
929f475ebaf0 spi: atmel: Fix CS and initialization bug
23d9267c548b spi: atmel: Switch to transfer_one transfer method
db1b14eec8c6 Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
0c54b79d1d9b smb: client: fix OOB in smbCalcSize()
203a412e52b5 smb: client: fix OOB in SMB2_query_info_init()
79e158ddc3c7 usb: fotg210-hcd: delete an incorrect bounds test
da448f145f8d Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE
4bc912140b1c Bluetooth: use inclusive language in SMP
e219c3110a16 Bluetooth: SMP: Convert BT_ERR/BT_DBG to bt_dev_err/bt_dev_dbg
cdbc4a1115a5 ARM: dts: Fix occasional boot hang for am3 usb
1e2db0124c69 9p/net: fix possible memory leak in p9_check_errors()
c4a22227f7eb x86/alternatives: Sync core before enabling interrupts
7d407ef18327 lib/vsprintf: Fix %pfwf when current node refcount == 0
565fadc3ea91 bus: ti-sysc: Flush posted write only after srst_udelay
e50cfb544742 tracing / synthetic: Disable events after testing in synth_event_gen_test_init()
cd6e41593ed7 dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp
786788bb1396 net: ks8851: Fix TX stall caused by TX buffer overrun
391c1019a005 net: rfkill: gpio: set GPIO direction
6d7b8e5a6d91 net: 9p: avoid freeing uninit memory in p9pdu_vreadf
45b63f09ba89 Input: soc_button_array - add mapping for airplane mode button
2aa744ad0e9e Bluetooth: L2CAP: Send reject on command corrupted request
25a6fdd26d13 Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent
71e1c7654010 USB: serial: option: add Quectel RM500Q R13 firmware support
d521896bcc0b USB: serial: option: add Foxconn T99W265 with new baseline
d0cf8a4bee42 USB: serial: option: add Quectel EG912Y module support
f41f44cea9eb USB: serial: ftdi_sio: update Actisense PIDs constant names
20d84a19466f wifi: cfg80211: fix certs build to not depend on file order
7a0a5cbfea34 wifi: cfg80211: Add my certificate
9dcf50da596d iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma()
abbebddb19ac iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table
c40db29812f9 scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()
e3749f85fddc Input: ipaq-micro-keys - add error handling for devm_kmemdup
b5f67cea27fa iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw
505df1c0abe6 interconnect: Treat xlate() returning NULL node as an error
cc5eec86a4ff btrfs: do not allow non subvolume root targets for snapshot
bd267af18f7b smb: client: fix NULL deref in asn1_ber_decoder()
41350e813acf ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB
a4692c38cd57 ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10
e032ddb0e387 pinctrl: at91-pio4: use dedicated lock class for IRQ
0b85149a9dc1 i2c: aspeed: Handle the coalesced stop conditions with the start conditions.
3dce7a52b2fa afs: Fix overwriting of result of DNS query
97be1e865e70 keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry
9e0d18f946b2 net: check dev->gso_max_size in gso_features_check()
59dc16ce095d net: warn if gso_type isn't set for a GSO SKB
63ad66d4844b afs: Fix dynamic root lookup DNS check
65d2c287fc00 afs: Fix the dynamic root's d_delete to always delete unused dentries
a3218319ee86 net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev()
12e5a4719c99 net/rose: fix races in rose_kill_by_device()
be0988c9b075 ethernet: atheros: fix a memleak in atl1e_setup_ring_resources
8b6f8bfe3a3a net: sched: ife: fix potential use-after-free
f245312e9f4f net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors
e8ba688a64f9 net/mlx5: Fix fw tracer first block check
fc4c53f8e929 net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list()
50aa92e6999d Revert "net/mlx5e: fix double free of encap_header"
b851889e9184 wifi: mac80211: mesh_plink: fix matches_local logic
717f08fb5140 s390/vx: fix save/restore of fpu kernel context
c48219fad182 reset: Fix crash when freeing non-existent optional resets
c999682ce8de ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init
dbc8edb80f05 smb: client: fix OOB in smb2_query_reparse_point()
bc3c57493b20 ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE
(From OE-Core rev: 28b884d3ba7854fbddd353f57214a4a24799f29c)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Updating to the latest korg -stable release that comprises
the following commits:
d330ef1d295d Linux 5.10.203
9c957e2b5254 driver core: Release all resources during unbind before updating device links
2325d3b6b10f r8169: fix deadlock on RTL8125 in jumbo mtu mode
b29e6055db1e r8169: disable ASPM in case of tx timeout
8b76708eb9f1 mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled
b532bc9b73e6 mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
376fabe3677a mmc: block: Retry commands in CQE error recovery
bf62a283a779 mmc: core: convert comma to semicolon
bb785011843e mmc: cqhci: Fix task clearing in CQE error recovery
cb9ca7cc273b mmc: cqhci: Warn of halt or task clear failure
e94ededefc42 mmc: cqhci: Increase recovery halt timeout
2011f06e32ab cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
6b35f36ff8f0 cpufreq: imx6q: don't warn for disabling a non-existing frequency
910566a789a2 scsi: qla2xxx: Fix system crash due to bad pointer access
46a4bf13502f scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
b19fe82b4b92 scsi: core: Introduce the scsi_cmd_to_rq() function
c2b6f7e48e38 smb3: fix caching of ctime on setxattr
f9aa2857c6e6 fs: add ctime accessors infrastructure
8d4237a149e3 drm/amdgpu: don't use ATRM for external devices
2df04d76c97d driver core: Move the "removable" attribute from USB to core
01fbfcd8105c ima: annotate iint mutex to avoid lockdep false positive warnings
8a3322a35f74 fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
15bc430fc176 misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP device support
a6128ad78771 misc: pci_endpoint_test: Add deviceID for AM64 and J7200
c922282d11b3 s390/cmma: fix detection of DAT pages
03e07092c6ce s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family
cb420e35571c ASoC: SOF: sof-pci-dev: Fix community key quirk detection
b37e1fbe6d30 ASoC: SOF: sof-pci-dev: don't use the community key on APL Chromebooks
3a79fcb743f7 ASoC: SOF: sof-pci-dev: add parameter to override topology filename
4aeb3320d70e ASoC: SOF: sof-pci-dev: use community key on all Up boards
6368a32d26a3 ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header
8e52b19d92e1 smb3: fix touch -h of symlink
889c84e2b200 net: ravb: Start TX queues after HW initialization succeeded
5d428cda38e8 net: ravb: Use pm_runtime_resume_and_get()
f78d0f301395 ravb: Fix races between ravb_tx_timeout_work() and net related ops
a36e00e957a2 r8169: prevent potential deadlock in rtl8169_close
8a909c119827 Revert "workqueue: remove unused cancel_work()"
72ce3379cd5e octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 64
ef7af2105a25 net: stmmac: xgmac: Disable FPE MMC interrupts
f18bcace1294 selftests/net: mptcp: fix uninitialized variable warnings
cb1644f9f005 selftests/net: ipsec: fix constant out of range
fe7fd9c209e8 dpaa2-eth: increase the needed headroom to account for alignment
772fe1da9a8d ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
9ef94ec8e52e usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
713530d3c8f1 USB: core: Change configuration warnings to notices
ae6e41066e6e hv_netvsc: fix race of netvsc and VF register_netdevice
4937fb36bbb8 Input: xpad - add HyperX Clutch Gladiate Support
5c4d5c8556ee btrfs: make error messages more clear when getting a chunk map
74ff16c84433 btrfs: send: ensure send_fd is writable
12a0ec5ed7cf btrfs: fix off-by-one when checking chunk map includes logical address
baaab02a8c0b btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod()
2d6c2238acf8 btrfs: add dmesg output for first mount and last unmount of a filesystem
bab9cec493b6 parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes
b53dc7c766ae powerpc: Don't clobber f0/vs0 during fp|altivec register save
b5cbbc2b2da9 iommu/vt-d: Add MTL to quirk list to skip TE disabling
f62ceb880a71 bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
18ac427906af dm verity: don't perform FEC for failed readahead IO
c3c9f9273822 dm-verity: align struct dm_verity_fec_io properly
5de40a7ffaa0 ALSA: hda/realtek: Add supported ALC257 for ChromeOS
cf80c538061e ALSA: hda/realtek: Headset Mic VREF to 100%
f338f738d7bd ALSA: hda: Disable power-save on KONTRON SinglePC
b02b66194d54 mmc: block: Do not lose cache flush during CQE error recovery
71c9fb31e18b firewire: core: fix possible memory leak in create_units()
d6bac7048f28 pinctrl: avoid reload of p state in list iteration
8fb79be6e980 io_uring: fix off-by one bvec index
f5f85ea5bb6a USB: dwc3: qcom: fix wakeup after probe deferral
5ac96667ea32 usb: dwc3: set the dma max_seg_size
2620c5977f49 usb: dwc3: Fix default mode initialization
d5325ed6eb7c USB: dwc2: write HCINT with INTMASK applied
5d7a5e63dc3b USB: serial: option: don't claim interface 4 for ZTE MF290
f1432dff5dd6 USB: serial: option: fix FM101R-GL defines
14a6e089d610 USB: serial: option: add Fibocom L7xx modules
f49ad460a2c8 bcache: fixup lock c->root error
be327b8f76c2 bcache: fixup init dirty data errors
3ebf83df623a bcache: prevent potential division by zero error
e74c2e6fecb7 bcache: check return value from btree_node_alloc_replacement()
c73dd8f4b476 dm-delay: fix a race between delay_presuspend and delay_bio
a70b6da7c640 hv_netvsc: Mark VF as slave before exposing it to user-mode
ff6c130e48a7 hv_netvsc: Fix race of register_netdevice_notifier and VF register
518ef825016d USB: serial: option: add Luat Air72*U series products
c841de6247e9 s390/dasd: protect device queue against concurrent access
89f9ba7ee702 bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race
cd7a0695906d bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce()
be8af3b6c80d swiotlb-xen: provide the "max_mapping_size" method
8c4b5cc90843 ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
0f312dc1eb2f ASoC: simple-card: fixup asoc_simple_probe() error handling
fcc60c0a1870 nfsd: lock_rename() needs both directories to live on the same fs
ec75d1d0cd2c ext4: make sure allocate pending entry not fail
10341e77e49f ext4: fix slab-use-after-free in ext4_es_insert_extent()
5527898c6a9f ext4: using nofail preallocation in ext4_es_insert_extent()
2ae2be6e7cd7 ext4: using nofail preallocation in ext4_es_insert_delayed_block()
aa6568033cfb ext4: using nofail preallocation in ext4_es_remove_extent()
608758ef8670 ext4: use pre-allocated es in __es_remove_extent()
fcb07d8ea363 ext4: use pre-allocated es in __es_insert_extent()
0cc7653887b0 ext4: factor out __es_alloc_extent() and __es_free_extent()
8234c1c690a3 ext4: add a new helper to check if es must be kept
62526a55fee7 MIPS: KVM: Fix a build warning about variable set but not used
3b2e8b30b0d7 media: ccs: Correctly initialise try compose rectangle
1301467cbe4c lockdep: Fix block chain corruption
cbfa5aadd650 USB: dwc3: qcom: fix ACPI platform device leak
68fe711312f1 USB: dwc3: qcom: fix resource leaks on probe deferral
2be451e7a2f1 nvmet: nul-terminate the NQNs passed in the connect command
86a7f67d7605 nvmet: remove unnecessary ctrl parameter
d24a18cb51bf afs: Fix file locking on R/O volumes to operate in local mode
6e48c3175d0b afs: Return ENOENT if no cell DNS record can be found
497e9b0b21a6 net: axienet: Fix check for partial TX checksum
8fb804dabdda amd-xgbe: propagate the correct speed and duplex status
b7c9e8c038f5 amd-xgbe: handle the corner-case during tx completion
a2e868ad07eb amd-xgbe: handle corner-case during sfp hotplug
ebc7fbd15a64 arm/xen: fix xen_vcpu_info allocation alignment
5ada292b5c50 net/smc: avoid data corruption caused by decline
3ae55e3a3734 net: usb: ax88179_178a: fix failed operations during ax88179_reset
27914bff9602 ipv4: Correct/silence an endian warning in __ip_do_redirect
f8467afa754d HID: fix HID device resource race between HID core and debugging support
2f0ea5e0944a HID: core: store the unique system identifier in hid_device
650e43dfe7d2 drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full
cc3b63c089e7 ata: pata_isapnp: Add missing error check for devm_ioport_map()
9942c1948346 wireguard: use DEV_STATS_INC()
939352ad6502 drm/panel: simple: Fix Innolux G101ICE-L01 timings
a5e82e345f4a drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
60660af9577a drm/panel: auo,b101uan08.3: Fine tune the panel power sequence
2c688ae2dd78 drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence
3b797242d178 afs: Make error on cell lookup failure consistent with OpenAFS
dbc1929a5214 afs: Fix afs_server_list to be cleaned up with RCU
c3bead2f8fca PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}()
ac65f8979b0e RDMA/irdma: Prevent zero-length STAG registration
(From OE-Core rev: 501af4c5f91746f934083178efdb1a59ff82ff51)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The original CVE-2023-29406.patch is not complete, causing docker
failures at runtime, backport a complementary fix from golang upstream.
(From OE-Core rev: 973901530c98bc3f1b10d8bb89d55decf6848713)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This reverts commit d9273edae80978c34f8426f34f991b9598828aa9.
This commit is causing breakage for some vendor kernel builds.
(From OE-Core rev: 59cc2e75c15f8c6371a4c4a3b7bd2e6c3f145fbc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The license of ghostscript has switched to Affero GPL since version 9.07
via commit:
* 3cc5318 Switch Ghostscript/GhostPDL to Affero GPL
https://github.com/ArtifexSoftware/ghostpdl/commit/3cc5318
Correct it with `AGPL-3.0-or-later`.
(From OE-Core rev: 8e192a2e0c2fdad18ea4c08774493225f31931a0)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
During testing of the v6.4 reference kernel, it was noticed that
on-target modules no longer matched the magic value of the running
kernel.
This was due to a different localversion in the cross built kernel
and the scripts / resources created on target.
This was due to changes in the setlocalversion script introduced
in the v6.3 series.
The .scmversion file is no longer used (or packaged) to inhibit
the addition of a "+" (through querying of the git status of the
kernel) or the setting of a local version.
We recently introduced the KERNEL_LOCALVERSION variable to allow
recipes to place a value in .scmversion, so we extend the use of
that variable to kernel-arch.bbclass and use it to set the
exported variable LOCALVERSION.
We must do it at the kernel-arch level, as the variable must be
exported in any kernel build to ensure that setlocalversion always
correctly sets the localversion.
(From OE-Core rev: d9273edae80978c34f8426f34f991b9598828aa9)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Cherry-picked from master 765b13b7305c8d2f222cfc66d77c02e6a088c691
Signed-off-by: Andreas Helbech Kleist <andreaskleist@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Currently myhostname is always added to nsswitch.conf even if it is
not included in PACKAGECONFIG.
This is based on changes made in OE-core rev:
ba3a78c08cb0ce08afde049610d3172b9e3b0695
Cc: Chen Qi <Qi.Chen@windriver.com>
(From OE-Core rev: 17e20ce90b5b3abb5a597d4a5b470c8eaa3fd296)
Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2024-24575:
libgit2 is a portable C implementation of the Git core methods provided
as a linkable library with a solid API, allowing to build Git functionality
into your application. Using well-crafted inputs to `git_revparse_single`
can cause the function to enter an infinite loop, potentially causing a
Denial of Service attack in the calling application. The revparse function
in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec
string. There is an edge-case during parsing that allows a bad actor to
force the loop conditions to access arbitrary memory. Potentially, this
could also leak memory if the extracted rev spec is reflected back to the
attacker. As such, libgit2 versions before 1.4.0 are not affected. Users
should upgrade to version 1.6.5 or 1.7.2.
CVE-2024-24577:
libgit2 is a portable C implementation of the Git core methods provided
as a linkable library with a solid API, allowing to build Git functionality
into your application. Using well-crafted inputs to `git_index_add` can
cause heap corruption that could be leveraged for arbitrary code execution.
There is an issue in the `has_dir_name` function in `src/libgit2/index.c`,
which frees an entry that should not be freed. The freed entry is later
used and overwritten with potentially bad actor-controlled data leading to
controlled heap corruption. Depending on the application that uses libgit2,
this could lead to arbitrary code execution. This issue has been patched
in version 1.6.5 and 1.7.2.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-24575https://security-tracker.debian.org/tracker/CVE-2024-24575https://nvd.nist.gov/vuln/detail/CVE-2024-24577https://security-tracker.debian.org/tracker/CVE-2024-24577
(From OE-Core rev: 942254eb3ef29c8672a35015c086721c4fbe5a4f)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When saving HSTS data to an excessively long file name, curl could end up
removing all contents, making subsequent requests using that file unaware
of the HSTS status they should otherwise use.
(From OE-Core rev: e0f503594e7bc0da9771b69ca7243a34dcadbdde)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2023-45285:
Using go get to fetch a module with the ".git" suffix may unexpectedly
fallback to the insecure "git://" protocol if the module is unavailable
via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE
is not set for said module. This only affects users who are not using
the module proxy and are fetching modules directly (i.e. GOPROXY=off).
CVE-2023-45287:
Before Go 1.20, the RSA based TLS key exchanges used the math/big
library, which is not constant time. RSA blinding was applied to prevent
timing attacks, but analysis shows this may not have been fully effective.
In particular it appears as if the removal of PKCS#1 padding may leak
timing information, which in turn could be used to recover session key
bits. In Go 1.20, the crypto/tls library switched to a fully constant
time RSA implementation, which we do not believe exhibits any timing
side channels.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45285https://nvd.nist.gov/vuln/detail/CVE-2023-45287https://security-tracker.debian.org/tracker/CVE-2023-45285https://security-tracker.debian.org/tracker/CVE-2023-45287
(From OE-Core rev: 616857b9918e8d2e576239b3db2f9f077d1a7222)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Align with text in the other branches.
(From yocto-docs rev: 394ccddfa357d186006439600833fce917a1ffac)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add the hint to the test setup that runqemu-gen-tapdevs will need the
iptables package installed.
(From yocto-docs rev: ca4c984006972d34aa51f05797ec8bd47dc675bb)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Concept of gcc-source prevents cve-check to detect existing
CVE patch file.
So ignore this CVE in all recipes using gcc-source via this
include file.
(From OE-Core rev: 04511734c6dc8c7dda3a943b385cd273d012d8c7)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This CVE reports that apple had to upgrade curl because of other
already reported CVEs:
* CVE-2023-38039: not affected, introduced in 7.84.0
* CVE-2023-38545: patch already backported
* CVE-2023-38546: patch already backported
* CVE-2023-42915: reference to itself
(From OE-Core rev: 2771a1248a251650f6e2e64731f56ed928c29ce5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The task for fstypes with compression is the same as the task for the
uncompressed fstypes, e.g. when adding tar.xz to `IMAGE_FSTYPES`, it will
be included into the do_image_tar task and not creating a separate
do_image_tar.xz task.
This commit fixes `LIVE_ROOTFS_TYPE` with compressed fstypes by
depending on the actual task instead of the non-existent
do_image_<fstype>.<compression> task.
Fixes [YOCTO #15331]
(From OE-Core rev: 60d88989698968c13f8e641f0ba1a82fcf700fb7)
Signed-off-by: Ludovic Jozeau <ludovic.jozeau@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 67c507e3d42e52a6d452c4a453eeaf7f2e2d68d6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
==========
-Fix compiler error when checking if required blocks in parent templates are empty.
-xmlattr filter does not allow keys with spaces.
-Make error messages stemming from invalid nesting of {% trans %} blocks more helpful
(cherry picked from OE-Core rev: 8a0524464583d69df7746253f5020c2c125a8e1f)
(From OE-Core rev: 0f0dcf520505d809599a63961ecb5b1e74053b24)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(From OE-Core rev: 89974b7fa33f3e9d3e3a4df7ad219898fe400d3a)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
UBOOT_CONFIG accepts a third parameter for the UBOOT_BINARY that isn't
documented. To show its usage another example from the meta-freescale layer
was picked.
(From yocto-docs rev: aba67b58711019a6ba439b2b77337f813ed799ac)
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The VSCode extension is now officially maintained and published by the
Yocto Project so it should be referenced in the manuals to help users
discover it.
I located the most relevant places to reference the extension by looking
at how the old Eclipse plugin was documented in the 2.6 manuals as well
as the current Toaster references.
(From yocto-docs rev: 21ec0d3b52069dfc85ff47fb4f913a26a092c480)
Signed-off-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The yocto website has changed its structure. Update the section for
Accessing the Downloads page to match the new structure.
(From yocto-docs rev: c67d471145cf09162059368ffd99f0c80df92520)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As used in the rest of the manual.
(From yocto-docs rev: c68954d905f01f6cc4f7c8ceb90e77cf9068e639)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
CVE-2024-0567
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Upstream-Status: Backport
[https://gitlab.com/gnutls/gnutls/-/commit/40dbbd8de499668590e8af51a15799fbc430595e
&
https://gitlab.com/gnutls/gnutls/-/commit/9edbdaa84e38b1bfb53a7d72c1de44f8de373405]
Reference: https://ubuntu.com/security/CVE-2024-0553https://ubuntu.com/security/CVE-2024-0567
(From OE-Core rev: de74fd5dea8cc71af1d457b4e688cfbe0f39e4d8)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
scripts/pybootchartgui/pybootchartgui/draw.py:820: SyntaxWarning: "is not" with a literal. Did you mean "!="?
if (OPTIONS.show_pid or OPTIONS.show_all) and ipid is not 0:
scripts/pybootchartgui/pybootchartgui/draw.py:918: SyntaxWarning: "is not" with a literal. Did you mean "!="?
if i is not 0:
(From OE-Core rev: ebd61290a644a6d9f2b3701e0e7ea050636da76c)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 8d996616f0ca57220d939a41ca9ba6d696ea2a4f)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This includes fix for CVE-2023-7207.
Drop all submitted patches.
Apply a patch from git to fix the build with clang.
[ YOCTO #11674 ]
$git log --oneline release_2_13..v2.14
4a41909 (HEAD, tag: v2.14) Version 2.14
6f9e5d3 Update NEWS
807b3ea Use GNU ls algorithm for deciding timestamp format
19219d1 Fix integer overflows in timestamp output
ed28f14 Whitespace cleanup
4ab2813 Update version of gnulib
0987d63 Fix appending to archives bigger than 2G
1df0062 Fix combination of --create, --append, --directory
6a94d5e New option --ignore-dirnlink
376d663 Fix 45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.
beba8c0 Require automake 1.16.5
70fffa7 Update for newer autotools
a1b2f78 Fix calculation of CRC in copy-out mode.
18ea636 Upgrade gnulib
1a61f62 Update copyright years
a1c97c8 Fix wording in the manpage
97fab48 Update copyright years
86dacfe Remove redundant condition check
4d16930 Use inttostr to represent integer values as strings
236684f Fix dynamic string reallocations
dfc801c Fix previous commit
dd96882 Rewrite dynamic string support.
269d204 Improve online version of the documentation.
7dd8ba9 Update gnulib
905907c Update copyright years
4a78d77 Formatting changes in the documentation.
9fe8494 Update copyright years
641d3f4 Minor fix * src/global.c: Remove superfluous declaration of program_name
0c4ffde Fix handling of device numbers (part 2)
df55fb1 Fix handling of device numbers on copy out.
b1c8583 Improve 684b7ac5
684b7ac Fix cpio header verification.
(From OE-Core rev: 203804370997eeb015ef9da90b567ea2c2f9f3a6)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This CVE is for iCPE cloudflare:zlib.
Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.
(From OE-Core rev: f46c9105d4253153a5986f2b307273e43ee98c33)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Bruce Ashfield
Tim Orling
Hugo SIMELIERE
Ming Liu
Steve Sakoman
Kai Kang
Jermain Horsman
Narpat Mali
Soumya Sambu
Archana Polampalli
Vijay Anusuri
Michael Opdenacker
Baruch Siach
Simone Weiß
Peter Marko
Deepthi Hemraj
Lee Chee Yang
Ludovic Jozeau
Wang Mingyu
Alexander Kanavin
Alassane Yattara
Jörg Sommer
Enguerrand de Ribaucourt
Maxin B. John
Hitendra Prajapati
Yogita Urade
Martin Jansa