Add CVE-2023-51767 to CVE_CHECK_IGNORE to avoid in cve-check reports
as upstream does not consider CVE-2023-51767 a bug underlying in
OpenSSH and does not intent to address it in OpenSSH.
(From OE-Core rev: de4186610335201c69d8952d605bb291f4a7427c)
Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
Signed-off-by: Sana Kazi <sana.kazisk19@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2023-47100 is a duplicate of CVE-2023-47038. They have the same
advertised fix commit, which has already been merged into the
perl_5.34.3 sources used in kirkstone.
(From OE-Core rev: 8df158f39f1eed1e3ae88ddf935c67e067b72525)
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Typo prevents cupsd to start correctly with following error:
Unable to read "/etc/cups/cupsd.conf" due to errors.
Using `/usr/sbin/cupsd -t` to check the configuration:
Unknown authorization type Defaul on line 77 of /etc/cups/cupsd.conf.
Unknown Policy Limit directive AuthType on line 77 of /etc/cups/cupsd.conf.
(From OE-Core rev: eab100205bc5cdffc5ccc7752e1ee5abd9ebb58a)
Signed-off-by: Jonathan GUILLOT <jonathan@joggee.fr>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Try to particularly emphasize that it can be used to find
out why something rebuilds when it shouldn't.
(From yocto-docs rev: 1cd543e62e8f1b65e65108d919c2f481001e044c)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The documentation of the variable SPDX_NAMESPACE_PREFIX does not exist.
This variable is used to change the prefix of some links in SPDX docs.
(From yocto-docs rev: 0055b7ea1cdf72359695e08fe6d2ca9a405fba51)
Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
According to errors reported by "make stylecheck"
(From yocto-docs rev: b3aaf4523190f7528d49c29a9aea234bb1647eae)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* this is often confused to apply for e.g. meta-oe as well
where it doesn't apply as meta-oe has own ML mentioned
in README.
(From yocto-docs rev: 98102408fe5468529e040a138f09c8fbc5fe065a)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Allowing to remove nested parentheses in the text!
(From yocto-docs rev: a0ba062f8b31426f80ccd760e29b054405ee2a8e)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Instead of "manpage(s)" or "man page(s)".
To address one of the errors reported by "make stylecheck"
(From yocto-docs rev: f6e69f8877d1d33200993f21b448e7fa3cf7859b)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Plus a few text styling improvements, some reported by "make stylecheck"
(From yocto-docs rev: ce0e83716197773d8eae0c2f0edc1cf290ebd60f)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Use the "Vale" (https://vale.sh) tool to perform text style checks
Run "make stylecheck" to run the checks.
This just checks the text, not the Sphinx syntax style choices.
(From yocto-docs rev: e3e4ba2aa963d4d178c4e9e842e66f4ee4bd3736)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backports missing license from master to kirkstone.
(From OE-Core rev: 26a878cbfbb3bc7a6e892e105577ebf8138ce150)
Signed-off-by: Colin McAllister <colin.mcallister@garmin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When using the gcc-sanitizers as part of the SDK on a Linux with a newer
kernel, the ASAN fails randomly. This was seen on Ubuntu 22.04.
This is also described at
https://stackoverflow.com/questions/77894856/possible-bug-in-gcc-sanitizers
Backport the fix from LLVM project, as gcc has not yet backported
anything for the 11 series.
(From OE-Core rev: 7af8e24d6c60a01e398b10a57939947fb156feec)
Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
https://github.com/urllib3/urllib3/releases/tag/1.26.18
Major changes in python3-urllib3 1.26.18:
- Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (CVE-2023-45803)
(cherry picked from OE-Core rev: 74da05b63634c248910594456dae286947f33da5)
(From OE-Core rev: c473f32184ea0ab41f6eb4c8dcc1d7bb5fd7b16f)
Signed-off-by: Tan Wen Yan <wen.yan.tan@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
libexpat through 2.5.0 allows a denial of service (resource consumption) because
many full reparsings are required in the case of a large token for which multiple
buffer fills are needed.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-52425
Changes related to test directory are not included as most of the files are not present
and are introduced in the later version.
(From OE-Core rev: 1bdcd10930a2998f6bbe56b3ba4c9b6c91203b39)
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Document the convention to use variables prefixed by VIRTUAL_RUNTIME.
Add references to the new term where possible.
Another reason is that such variables are recommended
in a warning issued by meta/classes-global/insane.bbclass
(From yocto-docs rev: db88c2021062c95fe49b54351952753390d45a6a)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reported-by: Tim Orling <ticotimo@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This adds some hints that and how changes should be tested when contributing.
Fixes [YOCTO #15412]
(From yocto-docs rev: 649843f4d20d1d840e1c6c4ce15e89b3a8508e0f)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fix some hyphens being improperly used as em dashes.
See https://www.grammarly.com/blog/hyphens-and-dashes/
Using em dashes may also allow Sphinx to hyphenate
and break lines in the best way.
Note that the first character after an em dash not
supposed to be capitalized, unless a specific
rule applies, typically when what follows is a proper noun.
Fix a few misuses of parentheses in following text.
(From yocto-docs rev: a0d93ea1ddfdfbcde8dac3aa328307be778f9e3c)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add missing documentation on how to add multiple groups with a single
GROUPADD_PARAM:${PN}
(From yocto-docs rev: 46f82dcb3b4042491efd44b9c15a06e3c910ec85)
Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The SDKPATH variable seems mistakenly identified as the
default path where the SDK will be installed by the generated
installation script, unless option '-d' or a manual input
overrides this default.
The intended variable is SDKPATHINSTALL. SDKPATH indicates
where the SDK is being composed and built.
The definitions have been added/updated.
(From yocto-docs rev: f7ce2abbdcff625356b337137e91f642ff6a4dc2)
Signed-off-by: Johan Bezem <jbezem.extern@arri.de>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
calling 'sync' from do_compile in the middle of big OE world
build harms the build time.
(From OE-Core rev: b2de7d75692fd4c9e0a6f46a099b89089edb10d4)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
==========
wireless-regdb: update regulatory database based on preceding changes
wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
wireless-regdb: Update regulatory info for Türkiye (TR)
wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidel...
wireless-regdb: Update regulatory rules for Philippines (PH)
(From OE-Core rev: 3af65ed130493e14a87818b76b06f9ca7c717874)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2f5edb6904bf16a9c52a9b124aeb5297487cd716)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When a CVE is updated to be rejected, matching database entries must be
removed. Otherwise:
* an incremental update is not equivalent the to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.
(From OE-Core rev: 717f0df5f35272f7706e4f92cc8b57cdda8066b6)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f276a980b8930b98e6c8f0e1a865d77dfcfe5085)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When a CVE is created, it often has no precise version information and
this is stored as "-" (matching any version). After an update, version
information is added. The previous "-" must be removed, otherwise, the
CVE is still "Unpatched" for cve-check.
(From OE-Core rev: 38402b5e89d43bf2a45c8f5f2d631033be5019cd)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 641ae3f36e09af9932dc33043a0a5fbfce62122e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add a URL to the doc of the API used in the function.
... and fix a small typo dabase -> database
(From OE-Core rev: a98387021d80b5055a773f909eb685513902fb12)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e0157b3b81333a24abd31dbb23a6abebca3e7ba7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE_CHECK_DB_FILE is already defined in cve-check.bbclass which is
always inherited in cve-update-nvd2-native (There is a check line 40).
Remove it to avoid confusion. Otherwise, this should not change
anything.
(From OE-Core rev: b6285f0549d1c708adfe147c63eb6cda24462ff3)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e5f3f223885c17b7007c310273fc7c80b90a4105)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add a new variable "CVE_DB_INCR_UPDATE_AGE_THRES", which can be used to
specify the maximum age of the database for doing an incremental update
For older databases, a full re-download is done.
With a value of "0", this forces a full-redownload.
(From OE-Core rev: 5259971a4785e7f664c0f588f34f8ef537c5c4c5)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 74c1765111b6610348eae4b7e41d7045ce58ef86)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in Expat (libexpat). If XML_DTD is undefined at compile time, a
recursive XML Entity Expansion condition can be triggered.This issue may lead to
a condition where data is expanded exponentially, which will quickly consume system
resources and cause a denial of service.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-52426https://github.com/libexpat/libexpat/pull/777
(From OE-Core rev: aa20dd9eb68f04a5f1556123ad1b2398de911d93)
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Bumping the reference BSPs to match the version of the qemu*
BSPs in oe-core.
(From meta-yocto rev: 26e04e6682c2658673b0295f853a59c630d5e16d)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integrating the following commit(s) to linux-yocto/5.15:
1/1 [
Author: Christoph Hellwig
Email: hch@lst.de
Subject: block, loop: support partitions without scanning
Date: Fri, 27 May 2022 07:58:06 +0200
Historically we did distinguish between a flag that surpressed partition
scanning, and a combinations of the minors variable and another flag if
any partitions were supported. This was generally confusing and doesn't
make much sense, but some corner case uses of the loop driver actually
do want to support manually added partitions on a device that does not
actively scan for partitions. To make things worsee the loop driver
also wants to dynamically toggle the scanning for partitions on a live
gendisk, which makes the disk->flags updates non-atomic.
Introduce a new GD_SUPPRESS_PART_SCAN bit in disk->state that disables
just scanning for partitions, and toggle that instead of GENHD_FL_NO_PART
in the loop driver.
[bva: Notes for this backport:
- drop return code in disk_scan_partitions for GD_SUPPRESS_PART_SCAN.
The check doesn't strictly need ot be in this routine in 5.15, but
this faciliates future changes in this area, since there are
other checks in the same function.
- GD_SUPPRESS_PART_SCAN could go to genh.c, but genhd.c includes
blkdev.h, so we leave the new GD_SUPPRESS_PART_SCAN definition
in the same places as where it was introduced upstream to keep
the changes to a minimum
- upstream commit e16e506ccd673 merges blkdev_reread_part into
disk_scan_partitions. Backporting that change is more churn
than we need, so we also add the check for GD_SUPPRESS_PART_SCAN
into that routine to have the check hit in a 5.15 context.
]
Upstream-Status: Backport [commit b9684a71fca79]
Fixes: 1ebe2e5f9d68 ("block: remove GENHD_FL_EXT_DEVT")
Reported-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20220527055806.1972352-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: 768ac24afff43d58c32617025391049d5d0d166b)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Sana Kazi
Alex Stewart
Jonathan GUILLOT
Alexander Kanavin
BELOUARGA Mohamed
Michael Opdenacker
Martin Jansa
Lee Chee Yang
Colin McAllister
Claus Stovgaard
Tan Wen Yan
Vijay Anusuri
Meenali Gupta
aszh07
Simone Weiß
Geoff Parker
Johan Bezem
Luca Ceresoli
Haitao Liu
Michael Halstead
Alex Kiernan
Wang Mingyu
Yoann Congal
Peter Marko
Steve Sakoman
Bruce Ashfield
Nikhil R