Updating to the latest korg -stable release that comprises
the following commits:
387078f9030c Linux 5.10.177
34a02011c5d1 hsr: ratelimit only when errors are printed
7c414f6f06e9 gfs2: Always check inode size of inline inodes
3392d67af0a4 ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
b4781477f397 libbpf: Fix btf_dump's packed struct determination
7ad30ad8c684 selftests/bpf: Add few corner cases to test padding handling of btf_dump
e5a16bcb131c libbpf: Fix BTF-to-C converter's padding logic
b9f7422dd94a selftests/bpf: Test btf dump for struct with padding only fields
f1c17475a9dc zonefs: Fix error message in zonefs_file_dio_append()
b51e4422952b btrfs: scan device in non-exclusive mode
3eeff8d26c6d s390/uaccess: add missing earlyclobber annotations to __clear_user()
7051d51f1241 drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub
79815326a516 drm/etnaviv: fix reference leak when mmaping imported buffer
a484f8bec8ee rcu: Fix rcu_torture_read ftrace event
08bfd05987df xtensa: fix KASAN report for show_stack
8ada1b5c8b43 ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z
3b6992bdf09d ALSA: usb-audio: Fix regression on detection of Roland VS-100
0044721f4f95 ALSA: hda/conexant: Partial revert of a quirk for Lenovo
3d328a17c8cb NFSv4: Fix hangs when recovering open state after a server reboot
80a4200d51e5 powerpc: Don't try to copy PPR for task with NULL pt_regs
12c2612e18ca pinctrl: at91-pio4: fix domain name assignment
25065ed83b5f pinctrl: amd: Disable and mask interrupts on resume
fbf3fe7f7bc3 net: phy: dp83869: fix default value for tx-/rx-internal-delay
b3d7a4478ce0 xen/netback: don't do grant copy across page boundary
5f6347034341 btrfs: fix race between quota disable and quota assign ioctls
ba5deb64ddde Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
26a32a212bc5 cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
63bbe24b99f9 cifs: prevent infinite recursion in CIFSGetDFSRefer()
8b3d7ad3e8f1 Input: focaltech - use explicitly signed char type
449a1a61f7f1 Input: alps - fix compatibility with -funsigned-char
988061d09972 pinctrl: ocelot: Fix alt mode for ocelot
ed3439a8c4fe net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
8104c795517c bnxt_en: Add missing 200G link speed reporting
62850a076353 bnxt_en: Fix typo in PCI id to device description string mapping
f524d1e55013 i40e: fix registers dump after run ethtool adapter self test
fa7fafedc9fd net: ipa: compute DMA pool size properly
96e34c88000f ALSA: ymfpci: Fix BUG_ON in probe function
688b1178c443 ALSA: ymfpci: Fix assignment in if condition
ee17dea3072d s390/vfio-ap: fix memory leak in vfio_ap device driver
ab2a55907823 can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
9b22e0cfc4d7 net: stmmac: don't reject VLANs when IFF_PROMISC is set
f032e125149d net/net_failover: fix txq exceeding warning
1025c471517b regulator: Handle deferred clk
69ed49a7b881 r8169: fix RTL8168H and RTL8107E rx crc error
3907fcb5a439 ptp_qoriq: fix memory leak in probe()
6ff4a54c0218 scsi: megaraid_sas: Fix crash after a double completion
059c3a7a3d6d sfc: ef10: don't overwrite offload features at NIC reset
4a81e2da7297 mtd: rawnand: meson: invalidate cache on polling ECC bit
47a449ec09b4 mips: bmips: BCM6358: disable RAC flush for TP1
ac63f78d9aca ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
8b1269b709c9 tracing: Fix wrong return in kprobe_event_gen_test.c
038765a095fd tools/power turbostat: Fix /dev/cpu_dma_latency warnings
5ec5680dc656 fbdev: au1200fb: Fix potential divide by zero
ce5551db3629 fbdev: lxfb: Fix potential divide by zero
c2be7f80562d fbdev: intelfb: Fix potential divide by zero
78eb964805f9 fbdev: nvidia: Fix potential divide by zero
1f2a94baee43 sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
6eaa2254cc5e fbdev: tgafb: Fix potential divide by zero
baef27176ea5 ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
fcf80111a4f6 ALSA: asihpi: check pao in control_message()
b94ffa287415 net: hsr: Don't log netdev_err message on unknown prp dst node
74d6d33f3695 md: avoid signed overflow in slot_store()
10941fd5c3e1 fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
0b9493b504fc dm crypt: avoid accessing uninitialized tasklet
b2d19565478f bus: imx-weim: fix branch condition evaluates to a garbage value
1635a062fa0e drm/meson: fix missing component unbind on bind errors
794a6cea2268 drm/meson: Fix error handling when afbcd.ops->init fails
f7385e0886cd kcsan: avoid passing -g for test
46ae204069e7 kernel: kcsan: kcsan_test: build without structleak plugin
a5ce0a559b66 usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC
ddb1973e6765 usb: dwc3: gadget: move cmd_endtransfer to extra function
01e4c9c03de8 NFSD: fix use-after-free in __nfs42_ssc_open()
34ef9cd887d5 KVM: fix memoryleak in kvm_init()
a6d345c3a31e xfs: don't reuse busy extents on extent trim
cb61e1e36fb3 xfs: shut down the filesystem if we screw up quota reservation
91d7a4bd5656 ocfs2: fix data corruption after failed write
d4a5181ba1b1 sched/fair: Sanitize vruntime of entity being migrated
dfdcda25fb5e sched/fair: sanitize vruntime of entity being placed
66ff37993dd7 dm crypt: add cond_resched() to dmcrypt_write()
c68f08cc7456 dm stats: check for and propagate alloc_percpu failure
1eaa2b7ae90c i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
85b637feee1e firmware: arm_scmi: Fix device node validation for mailbox transport
f632a90f8e39 tee: amdtee: fix race condition in amdtee_open_session
4ede0da36c2f drm/i915: Preserve crtc_state->inherited during state clearing
d5329a06b4cb drm/i915/active: Fix missing debug object activation
d18db946cc6a nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
560437bba14d wifi: mac80211: fix qos on mesh interfaces
a6adfe9bbd6a usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()
09671cfc2b22 usb: chipidea: core: fix possible concurrent when switch role
073ce98aa3a6 usb: chipdea: core: fix return -EINVAL if request role is the same with current role
5a36b601aff3 usb: cdns3: Fix issue with using incorrect PCI device function
aae6d1bf4d8e dm thin: fix deadlock when swapping to thin device
4d2626e10709 igb: revert rtnl_lock() that causes deadlock
e66f3039c792 fsverity: Remove WQ_UNBOUND from fsverity read workqueue
33f341c1fc60 usb: gadget: u_audio: don't let userspace block driver unbind
1f01027c51eb usb: dwc2: fix a devres leak in hw_enable upon suspend resume
dce128421554 scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
f7a4ce351426 cifs: empty interface list when server doesn't support query interfaces
8beb18c25bef sh: sanitize the flags on sigreturn
87e800e3dc77 net: usb: qmi_wwan: add Telit 0x1080 composition
27d4ce4aa3bb net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
ddfc06179338 scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file
3e0a423a55a7 scsi: lpfc: Avoid usage of list iterator variable after loop
f9a937f75ba2 scsi: ufs: core: Add soft dependency on governor_simpleondemand
522314863f78 scsi: hisi_sas: Check devm_add_action() return value
799d29a447dc scsi: target: iscsi: Fix an error message in iscsi_check_key()
8c42442887db selftests/bpf: check that modifier resolves after pointer
df1da53a7e98 m68k: Only force 030 bus error if PC not in exception table
7df72bedbdd1 ca8210: fix mac_len negative array access
3d8fafc5308f HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded
082b8240a66a riscv: Bump COMMAND_LINE_SIZE value to 1024
2d6c2dee59a3 thunderbolt: Use const qualifier for `ring_interrupt_index`
06e04b450bb4 thunderbolt: Use scale field when allocating USB3 bandwidth
32fa53c27ea3 uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
231cfa78ec5b scsi: qla2xxx: Perform lockless command completion in abort path
f73a88df19b7 hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
33c2fa39fb9e hwmon: fix potential sensor registration fail if of_node is missing
f86ff88a1548 platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
da3d3fdfb4d5 Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
fce0e47e9ec5 Bluetooth: L2CAP: Fix responding with wrong PDU type
77a61df0a0e6 Bluetooth: L2CAP: Fix not checking for maximum number of DCID
65ceb170749b Bluetooth: btqcomsmd: Fix command timeout after setting BD address
7aa3d03e1b30 net: mdio: thunder: Add missing fwnode_handle_put()
94ef1715d263 gve: Cache link_speed value from device
3c72445dadc3 nvme-tcp: fix nvme_tcp_term_pdu to match spec
73db80dcdc20 net/sonic: use dma_mapping_error() for error check
f8cec30541f5 erspan: do not use skb_mac_header() in ndo_start_xmit()
19aa85b9df48 atm: idt77252: fix kmemleak when rmmod idt77252
5eadc8032829 net/mlx5: E-Switch, Fix an Oops in error handling code
265101aea4c0 net/mlx5: Read the TC mapping of all priorities on ETS query
18cead61e437 net/mlx5: Fix steering rules cleanup
a4bbab27c4bf bpf: Adjust insufficient default bpf_jit_limit
a44e98abcca4 keys: Do not cache key in task struct if key is requested from kernel thread
ec23a669deca bootconfig: Fix testcase to increase max node
56e0bc4a72a0 net/ps3_gelic_net: Use dma_mapping_error
3d5a97283e2a net/ps3_gelic_net: Fix RX sk_buff length
cb5879efde4f net: qcom/emac: Fix use after free bug in emac_remove due to race condition
d04dac7fae75 net: mdio: fix owner field for mdio buses registered using device-tree
1b333766ea7a net: phy: Ensure state transitions are processed from phy_stop()
bfeeb3aaad4e xirc2ps_cs: Fix use after free bug in xirc2ps_detach
39c3b9dd481c qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
33d1603a38e0 net: usb: smsc95xx: Limit packet length to skb->len
c09cdf6eb815 scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
a3ada13f20fd i2c: imx-lpi2c: check only for enabled interrupt flags
bde2e73d5232 igc: fix the validation logic for taprio's gate list
d3e4844c1829 igbvf: Regard vf reset nack as success
fe3850c72a72 intel/igbvf: free irq on the error path in igbvf_request_msix()
155d6d434f86 iavf: fix non-tunneled IPv6 UDP packet type and hashing
15dcb57eba09 iavf: fix inverted Rx hash condition leading to disabled hash
580634b03a55 xsk: Add missing overflow check in xdp_umem_reg
7b5dffe048f9 ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl
35a49d27585c ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl
75e2144291e8 power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
2b346876b931 power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition
18359b8e30c4 power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync
1fde5782f187 net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
cfeda9432c1d drm/sun4i: fix missing component unbind on bind errors
b5131ed83c83 serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it
5fcb12f00a05 serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED
19a98d56dfed tty: serial: fsl_lpuart: fix race on RX DMA shutdown
ae12308c7d55 serial: fsl_lpuart: Fix comment typo
a43f7d0628e4 KVM: Register /dev/kvm as the _very_ last thing during initialization
7958663668ef KVM: Pre-allocate cpumasks for kvm_make_all_cpus_request_except()
6100066358ee KVM: Optimize kvm_make_vcpus_request_mask() a bit
ad120bc86930 KVM: KVM: Use cpumask_available() to check for NULL cpumask when kicking vCPUs
4cc54f6ae535 KVM: Clean up benign vcpu->cpu data races when kicking vCPUs
8f9ae017dd35 ipmi:ssif: Add a timer between request retries
c94de7f85d99 ipmi:ssif: resend_msg() cannot fail
cd35cbde0078 ipmi:ssif: Increase the message retry time
4d57c90f24e1 ipmi:ssif: make ssif_i2c_send() void
18dd825b8651 perf: fix perf_event_context->time
ddcf83200036 perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output
29ee1495e857 interconnect: qcom: osm-l3: fix icc_onecell_data allocation
(From OE-Core rev: 87febe433a6bf27b1a85ba4866f395dbcd131271)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Updating to the latest korg -stable release that comprises
the following commits:
ca9787bdecfa Linux 5.10.176
e57f797e3ffa HID: uhid: Over-ride the default maximum data buffer value with our own
9bc878756b01 HID: core: Provide new max_buffer_size attribute to over-ride the default
daa97e770e78 xfs: remove xfs_setattr_time() declaration
183ca919544c fs: use consistent setgid checks in is_sxid()
0e9dbde96cac attr: use consistent sgid stripping checks
240b96ffece8 attr: add setattr_should_drop_sgid()
baea3ae425fb fs: move should_remove_suid()
24378d6f7486 attr: add in_group_or_capable()
94ac142c19f1 fs: move S_ISGID stripping into the vfs_*() helpers
347750e1b69c fs: add mode_strip_sgid() helper
f60b68c46444 xfs: use setattr_copy to set vfs inode attributes
8cf9400f8948 xfs: set prealloc flag in xfs_alloc_file_space()
308dfe49eb75 xfs: fallocate() should call file_modified()
35f049abbae3 xfs: remove XFS_PREALLOC_SYNC
c84fb2962680 xfs: don't leak btree cursor when insrec fails after a split
be60f08c03de xfs: purge dquots after inode walk fails during quotacheck
d6f223cfef32 xfs: don't assert fail on perag references on teardown
d0292124bb57 PCI/DPC: Await readiness of secondary bus after reset
337aa99f76ea PCI: Unify delay handling for reset and resume
b5e0b3d74285 s390/ipl: add missing intersection check to ipl_report handling
84e2e393bf9f io_uring: avoid null-ptr-deref in io_arm_poll_handler
5e784a7d07af drm/i915/active: Fix misuse of non-idle barriers as fence trackers
8f27d4321700 drm/i915: Don't use stolen memory for ring buffers with LLC
b4a798374f2d x86/mm: Fix use of uninitialized buffer in sme_enable()
764217184f9e x86/mce: Make sure logged MCEs are processed after sysfs update
15e926dfd820 cpuidle: psci: Iterate backwards over list in psci_pd_remove()
38742635eda9 fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
03fc29e75e44 mmc: sdhci_am654: lower power-on failed message severity
b2747b690cb9 mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage
83c3b2f4e7c6 ftrace: Fix invalid address access in lookup_rec() when index is 0
f9a98b8dde09 mptcp: avoid setting TCP_CLOSE state twice
684c7372bbd6 drm/shmem-helper: Remove another errant put in error path
fbc5ffcce72b ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro
9addf5e1050a ALSA: hda: intel-dsp-config: add MTL PCI id
c54974ccaff7 KVM: nVMX: add missing consistency checks for CR0 and CR4
7b18dea697e4 cifs: Fix smb2_set_path_size()
ec663c410ce0 tracing: Make tracepoint lockdep check actually test something
8ae86ef7a058 tracing: Check field value in hist_field_name()
de3170bd41de tracing: Make splice_read available again
efae80ca13fa interconnect: fix mem leak when freeing nodes
b37d3ccbd549 firmware: xilinx: don't make a sleepable memory allocation from an atomic context
0c16c20b8787 serial: 8250_em: Fix UART port type
f5a5150c7066 tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted
020166bc6669 ext4: fix possible double unlock when moving a directory
7257070be70e drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
ab7da8d93a6f sh: intc: Avoid spurious sizeof-pointer-div warning
6936525142a0 drm/amdkfd: Fix an illegal memory access
a98160d8f3e6 ext4: fix task hung in ext4_xattr_delete_inode
0bf15bc393a1 ext4: fail ext4_iget if special inode unallocated
8e7f26b9565a jffs2: correct logic when creating a hole in jffs2_write_begin
980d4e70c708 mmc: atmel-mci: fix race between stop command and start of next command
04eaeaa2f79f media: m5mols: fix off-by-one loop termination error
a4c048d502eb hwmon: (adm1266) Set `can_sleep` flag for GPIO chip
a4c3e1132422 hwmon: tmp512: drop of_match_ptr for ID table
c5bd9719b53b hwmon: (ucd90320) Add minimum delay between bus accesses
663c3afee81e hwmon: (ina3221) return prober error code
0a73c8b3cc99 hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
4a8c3ad12c9d hwmon: (adt7475) Fix masking of hysteresis registers
aff84fadba53 hwmon: (adt7475) Display smoothing attributes in correct order
d4dbd26f985c ethernet: sun: add check for the mdesc_grab()
eb80cb66a2c5 qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
1c06d1223728 selftests: net: devlink_port_split.py: skip test if no suitable device available
bd2e78462ae1 net/iucv: Fix size of interrupt data
2cc46ed406bb net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
013fae04b8ff ipv4: Fix incorrect table ID in IOCTL path
1f0586dcc076 net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290
cccba1ff0798 ice: xsk: disable txq irq before flushing hw
2f28cb5c2a51 block: sunvdc: add check for mdesc_grab() returning NULL
a6317235da8a nvmet: avoid potential UAF in nvmet_req_complete()
9ebc344ce547 nvme: fix handling single range discard request
4cf15887a41b block: null_blk: Fix handling of fake timeout request
d14d2574a54c null_blk: Move driver into its own directory
d5e61a859a8a drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc
e294f0aa47e4 net: usb: smsc75xx: Limit packet length to skb->len
9708efad9ba5 net/smc: fix deadlock triggered by cancel_delayed_work_syn()
43aa468df246 nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
194248138f8d net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
be59b87ee4ae net: tunnels: annotate lockless accesses to dev->needed_headroom
281e86e3fab6 qed/qed_dev: guard against a possible division by zero
31817c530768 net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
3cbecb1c9085 i40e: Fix kernel crash during reboot when adapter is in recovery mode
91eb59240150 ipvlan: Make skb->skb_iif track skb->dev for l3s mode
2703da78849c nfc: pn533: initialize struct pn533_out_arg properly
77ad58bca011 tcp: tcp_make_synack() can be called from process context
68c665bb1850 scsi: core: Fix a procfs host directory removal regression
be5aa2534188 scsi: core: Fix a comment in function scsi_host_dev_release()
0fac20b1806b netfilter: nft_redir: correct value of inet type `.maxattrs`
c144dff64ea9 netfilter: nft_redir: correct length for loading protocol registers
3a0f8ea35ddc netfilter: nft_masq: correct length for loading protocol registers
eff050d83eee netfilter: nft_nat: correct length for loading protocol registers
0c6c5abeb471 ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
6f0c2f70d992 scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
79fe786dab5c docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate
ea1e21d38a8d clk: HI655X: select REGMAP instead of depending on it
081893e254f1 drm/meson: fix 1px pink line on GXM when scaling video overlay
ed9ed2f58ceb cifs: Move the in_send statistic to __smb_send_rqst()
a3c502218cd3 drm/panfrost: Don't sync rpm suspension after mmu flushing
0da0b816972a xfrm: Allow transport-mode states with AF_UNSPEC selector
(From OE-Core rev: 9f27f11e19fc1929d42820e88e8df3380495f659)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add patches to fix CVE-2023-28322
more POST-after-PUT confusion
When doing HTTP(S) transfers, libcurl might erroneously use the read
callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when
the `CURLOPT_POSTFIELDS` option has been set, if the same handle
previously was used to issue a `PUT` request which used that callback.
This flaw may surprise the application and cause it to misbehave and
either send off the wrong data or use memory after free or similar in
the second transfer.The problem exists in the logic for a reused
handle when it is (expected tobe) changed from a PUT to a POST.
CVE-2023-28322-1.patch is a supporting patch to resolve hunk
error in the actual patch file : CVE-2023-28322-2.patch
Link: https://curl.se/docs/CVE-2023-28322.html
(From OE-Core rev: 9ef793eca87ac568d9c22067aa854a50837cf92f)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add patch to fix CVE-2023-28321
IDN wildcard match
curl supports matching of wildcard patterns when listed as
"Subject Alternative Name" in TLS server certificates. curl can be
built to use its own name matching function for TLS rather than one
provided by a TLS library. This private wildcard matching function
would match IDN (International Domain Name)hosts incorrectly and
could as a result accept patterns that otherwise should mismatch.
IDN hostnames are converted to puny code before used for certificate
checks. Puny coded names always start with `xn--` and should not be
allowed to pattern match, but the wildcard check in curl could still
check for `x*`,which would match even though the IDN name most likely
contained nothing even resembling an `x`.
Link: https://curl.se/docs/CVE-2023-28321.html
(From OE-Core rev: 75d8593ab3b090266fd2cde27ddc56ad88de7ac7)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add patch to fix CVE-2023-28320
siglongjmp race condition
libcurl provides several different backends for resolving host names,
selectedat build time. If it is built to use the synchronous resolver,
it allows nameresolves to time-out slow operations using `alarm()` and
`siglongjmp()`.
When doing this, libcurl used a global buffer that was not mutex
protected anda multi-threaded application might therefore
crash or otherwise misbehave.
Link: https://curl.se/docs/CVE-2023-28320.html
(From OE-Core rev: c761d822be5ffc4a88600fbd7282c469b1e9902a)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add patch to fix CVE-2023-28319
UAF in SSH sha256 fingerprint check
libcurl offers a feature to verify an SSH server's public key using
a SHA 256hash. When this check fails, libcurl would free the memory
for the fingerprintbefore it returns an error message containing the
(now freed) hash.
This flaw risks inserting sensitive heap-based data into the error
message that might be shown to users or otherwise get
leaked and revealed.
Link: https://curl.se/docs/CVE-2023-28319.html
(From OE-Core rev: f7d6751828683ac2adbf140e77dbf7454cfa8eb1)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This reverts commit c9922076f5c1285d9cfd6aff8ce5b6635d88222f.
Since the minimum version required to build the docs has been bumped in
the previous commit to 4.0, this commit is not required. Moreover, since
Sphinx 5.0 triggers a warning when extlinks captions are not using %s
substitution and Sphinx 6.0 will fail to build without the substitution
characters, this revert is now required to be able to build the docs.
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From yocto-docs rev: 444df054f0bf3ad7614e1613b22ee5b9e8cb94ef)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
- Allow GLX tests to be disabled for systems that don't support it.
- Allow OpenCL tests to be enabled.
(From OE-Core rev: b0f54a3db7877a95a163bd480b93cfe6f0b97dcd)
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Otherwise xwayland.pc would not be present in sysroot, this leads to
some xwayland configs missing like have_listenfd, have_glamor.
(From OE-Core rev: 4e42196754b19926b2219c6ffda47bd389e9d9fb)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7f1932cb5a408320a5b542e20ba2807718349e8f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
"sysconfdir" contains "/" by definition and thus using os.path.join()
leads to self.target_rootfs being always ignored (and thus attempting to
generate paths in host's /etc).
Use oe.path.join() instead which was made for this purpose.
(From OE-Core rev: 4766ba017b7562e42b33fde7f2e84c2a339e3f4c)
Signed-off-by: Enrico Jorns <ejo@pengutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8414c504138f6de663f5130c6b4a6ede5605d88b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This is consistently seen with musl and grep from busybox
Therefore backport a patch from upstream to fix it
(From OE-Core rev: 769290794fc23894211c56b1878a73634fd20283)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 511bcd965af658e6bb0c61d9f2adb1af75af773b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fix issue of the below instance template systemd service dependency
[Install]
WantedBy=svc-wants@%i.service
creating the symlink (instance "a" example)
/etc/systemd/system/svc-wants@%i.service.wants/svc-wanted-by@a.service
which should be
/etc/systemd/system/svc-wants@a.service.wants/svc-wanted-by@a.service
as implemented by this change.
The functionality appears regressed just after "thud" baseline when the
logic was refactored from shell script into python (commit
925e30cb10)
(From OE-Core rev: 308397f0bb3d6f3d4e9ec2c6a10823184049c9b5)
(From OE-Core rev: e572d096e81bb7dba8a07ee9dba93d0944857212)
Signed-off-by: Martin Siegumfeldt <mns@gomspace.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 372b29c8ad270d4d430c26a4e614976c7029afaf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This recipe is needed to build softhsm (in meta-oe) in with p11-kit
support, which is useful when multiple PKCS#11 modules need to be used.
(From OE-Core rev: 19498bea309f19d841187a7063286b2a68ce2587)
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4942a42d5a071b283fe49047dcb4fee2c96422e8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
By default there is nothing in nghttp2-client and nghttp2-server ,nghttp2-client
and nghttp2-server aren't created. So there are dependences error if install
main package.
Problem: conflicting requests
- nothing provides nghttp2-client >= 1.52.0 needed by nghttp2-1.52.0-r0.core2_64
- nothing provides nghttp2-server >= 1.52.0 needed by nghttp2-1.52.0-r0.core2_64
Upstream-Status: Backport [OE-core d2cbe060955c598bd81923ecd554fbe82c17af99]
(From OE-Core rev: 619a643f71eceab73bbbe4dacd1eb42b6d6b01d1)
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* needed for llvm-native on hosts with gcc-13
(From OE-Core rev: 3382759cb6c5cee42151e72fd94e99a3060317f5)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
some standalone targets e.g. riscv64-elf disable shared linking for
baremetal ELF ABI in ld, therefore lets make it a static library
(From OE-Core rev: 3c6219dfcbcbde314648ba8cc54a90b32ea1c952)
(From OE-Core rev: 4ee9d5839669560ec10f23445fa8bbc03a4c5406)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Due to signedness, the checksum is not computed when filesize is bigger
a 2GB. Pick a fix for this problem from CPIO ML, where the fix has been
posted for 5 years. Since CPIO upstream is effectively unresponsive and
any and all attempts to communicate with the maintainer and get the fix
applied upstream failed, add the fix here instead.
(From OE-Core rev: bfff138af4bdd356ac66571e6ad91c1a5599b935)
(From OE-Core rev: 8320097487cc46045482f5d0d41ad799a2435bce)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The Waffle bugfix release 1.7.1 is now available.
What is new in this release:
- cmake: pass deps' cflags to the build
- gbm: fix crash when platform lacks modifier support
- gitlab-ci: stabilise CI runs under X
- gitlab-ci: add more warnings, make all warnings fatal
- gitlab-ci: update to bullseye
- meson: add override_* support, when using waffle as submodule
- meson: skip installing bash completion when custom prefix is used
- meson: silence deprecation warnings
- meson: generate cmake files only on Windows
- meson: find wayland.xml from wayland-scanner.pc
- misc: zsh completion
- misc: fix dozens of compiler warnings
- misc: update website references
- wayland: fix build against wayland 1.20
The Waffle bugfix release 1.7.2 is now available.
What is new in this release:
- all: use format(gnu_printf), enable in mingw
- meson: don't run TLS checks on mingw
- wgl: remove unused dummy wgl_error.[ch]
Upstream now only generates CMake files on Windows, so remove all
references to CMake.
A zsh completion is now installed, remove this for now as we don't really
use zsh.
(From OE-Core rev: 6b1d94fe5d8728e3eb152426cde08634d248e1f7)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 94cf6ef11bba381ab6f65b03ed1ed14022438151)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit e4ebfb5c7892488fc834d9837e9a5a4c28eb676f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
===========
audio: channel-mix: allow up to 64 channels instead of up to 63 channels
AOM AV1 encoder timestamp handling improvements
AV1 video codec caps handling improvements in aom plugin, isomp4 and matroska muxers/demuxers.
avvidenc: fix bitrate control and timestamps off FFmpeg-based video encoders
h264parse: fix missing timestamps on outputs when splitting a frame
rtspsrc: more workarounds for servers with broken control uri handling
playbin3: fix issue with UDP streams, making sure there's enough buffering
qmlglsrc: Fix deadlock when stopping and some other fixes
qtmux: fix default timescale unit for N/1001 framerates
v4l2h264dec: Fix Raspberry Pi4 will not play video in application
vtdec: Fix non-deterministic frame output after seeks
wasapi2src: Fix loopback capture on Windows 10 Anniversary Update
macOS, iOS: Fix Xcode 14 ABI breakage with older Xcode
cerbero: Fix some regressions for CentOS in the 1.20 branch
cerbero: Fix setuptools site.py breakage in Python 3.11
Fix gst-libav build against FFmpeg from git
gobject-introspection annotation fixes for bindings
Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements
Performance improvements
(From OE-Core rev: 102c453668f71dd30c3f0f13502f0993a051d7fe)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This is specific to Git-for-Windows.
(From OE-Core rev: 472a3e05270deace2862973dee2e65e60f9c0c19)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Function 'gen_updatealternativesvardeps' still used old override
syntax when fetching variable flags. Update to use ':' instead to match
recipe meta data. This was found by review and no real issue encountered
but it is a bug that affects variable dependencies and can affect rebuilds
as task hashes might not be accurate.
(From OE-Core rev: d5fd577c066fa2fddbd16c286f2dde2883cc7828)
Signed-off-by: Peter Bergin <peter.bergin@windriver.com>
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5691f554b2cd50f256a8cbb1d96781e9eb6b930e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This is a partial fix for bugzilla 15059 [https://bugzilla.yoctoproject.org/show_bug.cgi?id=15059]
It has been noted by several people that when an initramfs is bundled:
- a lot of the kernel is rebuilt
- it takes a really long time
When looking at the logs, the second kernel compilation (that performs
the bundle) is not using the parallel make settings, and builds with
-j1.
We are already explicitly passing PARALLEL_MAKE when building kernel
modules, and by extending that explicit use to the main kernel
compilation, we ensure that we always get a parallel build.
Build times chnaged from more than 30 minutes for the bundle, to
3 minutes in local testing.
The question of whether or not too much is rebuilding during the
bundle step is still an open question, but with this tweak, at least
the build time is back in the realm of acceptable.
(From OE-Core rev: a2a889b760785474dbc04e3ec11521f6da90161d)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 88fd394ecf0f2174b792075d409d87046896426b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This will use default values when no distribution is set.
[YOCTO #15086]
(From OE-Core rev: 01eb8d4ad71c587d56608d83ec4187375b2f4c44)
Signed-off-by: Thomas Roos <throos@amazon.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 888fe63b46efceeff08dbe8c4f66fec33d06cb7a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reproducer:
1.Enable the ptest of libpam and build the image.
2.Boot the rootfs with nfs, then run the following tests as root:
cd /usr/share/Linux-PAM/xtests
/usr/share/Linux-PAM/xtests# ./run-xtests.sh . tst-pam_motd1
/usr/share/Linux-PAM/xtests# ./run-xtests.sh . tst-pam_motd3
After applying this patch, the ptest doesn't be failed.
(From OE-Core rev: 928b7e880e6a5d1b807cb7f605649233c7195578)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 549e54ad6a175359b0a57987ccdab8989df9d3a9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* otherwise it ends '<unknown>' inside esdk, because of parsing order:
# $METADATA_REVISION [3 operations]
# set /OE/build/test-D/conf/local.conf:43
# "f2da54ef432eac89b0f18eaad68e602b6990b5de"
# immediate /OE/build/test-D/layers/poky/meta/classes/metadata_scm.bbclass:9
# "${@oe.buildcfg.detect_revision(d)}"
# set /OE/build/test-D/layers/poky/meta/classes/metadata_scm.bbclass:10
# [vardepvalue] "${METADATA_REVISION}"
# pre-expansion value:
# "<unknown>"
METADATA_REVISION="<unknown>"
* This causes base-files.do_install and following tasks to have different
signatures between esdk and the build directory where this esdk was created:
bitbake-diffsigs {test-D,poky/build-uninative-disabled}/tmp/stamps/qemux86_64-poky-linux/base-files/*do_install*sigdata*
NOTE: Starting bitbake server...
basehash changed from 5b6981cf58bfd57d416b0e31611b73a26baae635dd1ac31c08d46f95064c3ffc to dbdce042da4d7813d632b6d1cc87a16f728ad20e55fecbc392830e6acf72babd
Variable METADATA_REVISION value changed from '<unknown>' to 'f2da54ef432eac89b0f18eaad68e602b6990b5de'
and an warning from "python3 /OE/build/test-D/ext-sdk-prepare.py" when eSDK is being prepared for use:
WARNING: The base-files:do_install sig is computed to be 83b9c9a6ef1145baac5a1e0d08814b9156af239c58fc42df95c25a9cd8a7f201,
but the sig is locked to 3dc22233059075978e5503691e98e79e7cc60db94259dfcd886bca2291c0add7 in SIGGEN_LOCKEDSIGS_t-qemux86-64
[RP: Add commit about why we need the override for future reference]
(From OE-Core rev: da6f6340f97e80cb1b21f6083ef5d0a9a856eef5)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 675ea7281c17f77bf5dea17cfd4d9da0928382a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Libarchive is being used by OPKG package manager as default
API for extracting tar files. This fix allows us to extract
ipks packages with preserved ACLs and xattrs.
Partially addresses [YOCTO #15091]
[RP: Merge into main PACKAGECONFIG and tweak commit message]
(From OE-Core rev: b1f80f0a2bf30698192c7a214c5802b76464d095)
Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 913aad1ac013368aef8f6af332588ef24bba46bd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Avoids pulling in potential GPLv3 packages through python3-misc catch-all.
python3-core is the intended minimal RDEPENDS for packages requiring python3
support. Other python3 module dependencies should be listed explicitly.
(From OE-Core rev: d4e9a2c0c666244f5a197682dabe018a4a3e06f8)
Signed-off-by: Kyle Russell <bkylerussell@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 231f93becad619f6afa383f9b1132f1d4b02fa64)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This release contains the fix for CVE-2023-1393 in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-March/003374.html
Benno Schulenberg (1):
xkbUtils: use existing symbol names instead of deleted deprecated ones
Olivier Fourdan (2):
composite: Fix use-after-free of the COW
xserver 21.1.8
git tag: xorg-server-21.1.8
(From OE-Core rev: 732b51f073105d4c6a0e2e06c559bffcac093fbf)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7b08dff8f46bcaa05f7fbffbe27d524579af4faf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This reverts commit dc2c777cab0230fc54e078d20d872aaa9287a8b9.
Fixed in subsequent version bump
(From OE-Core rev: 151149b590a9051a6de58115a6796ccf17894498)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
==========
- Reverted a change introduced in 1.14.1 which introduced crashes both
with WebKitGTK and WPE running under Wayland in some configurations.
- Fix a crash caused by wrong assertion, which was typically triggered in
debug builds when using the NVidia drivers.
- Fix WebKit no longer repainting after provisional navigation with
PSON enabled.
- Fix graphics buffer leaks by always freeing them in buffer destroy
listener callbacks.
(From OE-Core rev: 7991fb7aa30cf56105ebbe060195f16aa1c9b6da)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit aa37e18a51714af3281b4127dceb40b38aa8ac3c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7,
2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding
specially crafted input to `git apply --reject`, a path outside the working
tree can be overwritten with partially controlled contents (corresponding to
the rejected hunk(s) from the given patch). A fix is available in versions
2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3,
and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying
patches from an untrusted source. Use `git apply --stat` to inspect a patch before
applying; avoid applying one that create a conflict where a link corresponding to
the `*.rej` file exists.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-25652
Upstream patches:
https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b
(From OE-Core rev: 335ad8a6d795cd94b872370e44a033ce3fbf4890)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
If a package with a postsints script requires ldconfig, the package class adds
a ldconfig postinst fragment to initialize it before. Systemd has its own
ldconfig.service to initialize it and sometimes if both services are running
at the same time in the first boot, the first one will work, but the second
one will fail with the following error:
ldconfig[141]: /sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache failed: No such file or directory
This commit adds a ordering dependency between them to make sure that only one
service is running at the same time.
(From OE-Core rev: 5fca673d8fe0ee97dc37ed2c9941696842cd667a)
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e9d812e127dc6743f52f4881e509e8e2e833afe)
Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Bruce Ashfield
Bhabu Bindu
Daniel Ammann
Lee Chee Yang
Michael Opdenacker
Quentin Schulz
Tom Hochstein
Zoltan Boszormenyi
Ming Liu
Peter Kjellerstedt
Alexander Kanavin
Enrico Jörns
Khem Raj
Richard Purdie
Martin Siegumfeldt
Jan Luebbe
Eero Aaltonen
leimaohui
Martin Jansa
Marek Vasut
Upgrade Helper
Pablo Saavedra
Sakib Sajal
Archana Polampalli
Steve Sakoman
Peter Bergin
Thomas Roos
Zhixiong Chi
Piotr Łobacz
bkylerussell@gmail.com
Dmitry Baryshkov
Wang Mingyu
Yoann Congal
Peter Marko
Arturo Buzarra