Updating to the latest korg -stable release that comprises
the following commits:
21732fd22497 Linux 5.4.252
9399ea1ce481 x86: fix backwards merge of GDS/SRSO bit
bc7b9a6c2ca4 xen/netback: Fix buffer overrun triggered by unusual packet
43ed6f79b3e7 x86/cpu, kvm: Add support for CPUID_80000021_EAX
1f0618bb2456 x86/bugs: Increase the x86 bugs vector size to two u32s
08ba48152a8a tools headers cpufeatures: Sync with the kernel sources
694b40dcfb41 x86/cpufeatures: Assign dedicated feature word for CPUID_0x8000001F[EAX]
4fa849d4af68 x86/cpu: Add VM page flush MSR availablility as a CPUID feature
998eec066607 x86/cpufeatures: Add SEV-ES CPU feature
3e21d8b0f3a9 Documentation/x86: Fix backwards on/off logic about YMM support
ad7670dd65cb x86/mm: Initialize text poking earlier
979366f5c2aa mm: Move mm_cachep initialization to mm_init()
3d1b8cfdd0c9 x86/mm: Use mm_alloc() in poking_init()
ddcf05fe8850 x86/mm: fix poking_init() for Xen PV guests
3f8968f1f0ad x86/xen: Fix secondary processors' FPU initialization
e56c1e0f9134 KVM: Add GDS_NO support to KVM
ed56430ab253 x86/speculation: Add Kconfig option for GDS
e35c65794365 x86/speculation: Add force option to GDS mitigation
f68f9f2df68e x86/speculation: Add Gather Data Sampling mitigation
6e6044366897 x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
2ee37a46aa13 x86/fpu: Mark init functions __init
77fe8150579c x86/fpu: Remove cpuinfo argument from init functions
95356fff6fee init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
7aa2cec22e28 init: Invoke arch_cpu_finalize_init() earlier
944d5c3ffa4b init: Remove check_bugs() leftovers
a03ef708788e um/cpu: Switch to arch_cpu_finalize_init()
98c3955e145f sparc/cpu: Switch to arch_cpu_finalize_init()
568d68fc1dd4 sh/cpu: Switch to arch_cpu_finalize_init()
18cd611a3eaa mips/cpu: Switch to arch_cpu_finalize_init()
2febb4a73004 m68k/cpu: Switch to arch_cpu_finalize_init()
1f4494ea77e8 ia64/cpu: Switch to arch_cpu_finalize_init()
73719e89e32b ARM: cpu: Switch to arch_cpu_finalize_init()
1743bc756b6b x86/cpu: Switch to arch_cpu_finalize_init()
afe787cf253b init: Provide arch_cpu_finalize_init()
(From OE-Core rev: 9255ec4beb9eaa6f5d4b8a51a6b2ac4e511309fc)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Use autotools-brokensep as new version needs that.
upgrade include fix for CVE-2020-21686 and CVE-2022-29654
(cherry picked from commit c9c724ffa36757b56e70bc8d7b880c0c5777b153)
(From OE-Core rev: ed262f94b81cbf78e6a335912875bee8a65ca7c6)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
https://docs.python.org/release/3.8.18/whatsnew/changelog.html#changelog
Release date: 2023-08-24
Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included protections
(like certificate verification) and treating sent unencrypted data as if
it were post-handshake TLS encrypted data. Security issue reported as
CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.
Library
gh-107845: tarfile.data_filter() now takes the location of symlinks into
account when determining their target, so it will no longer reject some
valid tarballs with LinkOutsideDestinationError.
Tools/Demos
gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL
1.1.1v, 3.0.10, and 3.1.2.
(From OE-Core rev: 9205496344bede4a16372ca7a02c2819a976640b)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(From OE-Core rev: 93efa56fb87217035275dcb04c4a19b79b95ccaf)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(From OE-Core rev: bd594af20fce07908f8e0fb1765b0e0ccc641e86)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add patch from libwebp 1.1.0 to fix CVE-2023-5129.
(From OE-Core rev: 2ab6568d35e3d68f77a73bf56eb2d38aa6ada236)
Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This includes multiple CVE fixes.
The license change is due to changes in maintainership, the license
itself is unchanged.
(From OE-Core rev: a9d194f21a3bdebca8aaff204804a5fdc67c76d1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91e66b93a0c0928f0c2cfe78e22898a6c9800f34)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before
1.4.0 allows remote attackers to run arbitrary code via crafted input to
the encoder.
(From OE-Core rev: 87d92cb3d20c2686caddaa29cd17e18850ad9484)
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Tested-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The time and timeout tests are sensitive to system load, and as we run
these on build machines they fail randomly.
[ YOCTO #14371 ]
(From OE-Core rev: d2b62913a5771169265171129fe972c8e252fe04)
(From OE-Core rev: 309f1c6166f8535fa61fd1d01924df3c7fe9fbba)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a84b8d683b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
- Update according to changes in SANITY_TESTED_DISTROS
(meta-poky/conf/distro/poky.conf)
- No longer declare as "Supported" the distributions versions
which are End of Life for their vendors, as some of them
(Ubuntu for example) ship updates to subscribers only,
which the Yocto Project has no access to.
- List distribution versions which were previously tested
for the branch of the Yocto Project being considered.
(From yocto-docs rev: ed345f43ed1e5fcceeff5ab77aaa43763f08f598)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
On our slower arm server, the tests currently timeout leading to inconsistent test
results. Increase the timeout to avoid this and aim to make the test results
consistent.
(From OE-Core rev: 76b065b3e802fc7dfa9a370e273b8a4187072623)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9a8b49208f3c99e184eab426360b137bc773aa31)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
We have a suspicion that the read() call may return EAGAIN on the non-blocking
fd and this may truncate test output leading to some of our intermittent failures.
Tweak the code to avoid this potential issue.
(From OE-Core rev: 605d832e86f249100adaf3761b4e1701401d0b76)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a8920c105725431e989cceb616bd04eaa52127ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This provides a more reliable test execution when running tests that
write a large buffer/file and significantly reduces the localedata test
failures.
(From OE-Core rev: 1f35336edf13496432fb68e7e048a5c137fc3e47)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 97a7612e3959bc9c75116a4e696f47cc31aea75d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Allows setting up NFS over TCP as well.
(From OE-Core rev: 148e009374dcbd2101223cf33f2ff69c75895b71)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e1ff9b9a3b7f7924aea67d2024581bea2e916036)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Some of the tests trigger OOM and fail. Increase the amount of memory
available so we dont run into these issues.
(From OE-Core rev: 50b07b4c0c814f2832816cf83863687155429b21)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4d22dba482cb19ffcff5abee73f24526ea9d1c2a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Dont fill up the test log with ssh warning about having added the host
to list of known hosts.
Also helps fix a test case failure where stderr log was being compared
to a known value.
(From OE-Core rev: 781c52bb8f9ffe6aeb456fb0c0d628917641fb22)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 63b31ff7e54a171c4c02fca2e6b07aec64a410af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Due to an oversight in the do_symlink_kernsrc function, the path
comparison between "S" and "STAGING_KERNEL_DIR" is broken. The code
obtains both variables, but modifies the local copy of "S" before
comparing them, causing the comparison to always return false.
This can cause the build to fail when the EXTERNALSRC flag is enabled,
since the code will try to create a symlink even if one already exists.
This patch resolves the issue by comparing the variables before they are
modified.
(From OE-Core rev: 27a982807caa7ffbdf2d4ef02bc0b037150b1b3b)
Signed-off-by: Staffan Rydén <staffan.ryden@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit afd2038ef8a66a5e6433be31a14e1eb0d9f9a1d3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
non-release indexes will continue to generate when test output is
corrupted.
(From OE-Core rev: 31b996c01c72749fc62821a3c9d1da70540bfad6)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1a9157684a6bff8406c9bb470cb2e16ee006bbe9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add in stable updates to glibc 2.38 to fix malloc bugs
(From OE-Core rev: 2850119bce7aa9788ab8b163311d42ea273ca1df)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 39f987fcb20ad7c0e45425b9f508d463c50ce0c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
remove the traling blanks before the ;-delimiter, so one could use
"_remove" to avoid running tasks like 'rootfs_update_timestamp',
which are currently hardcoded and not bound to any
configurable feature flag
(From OE-Core rev: 18246f0bfedb5c729a0fc5b515f25a1ed0cde191)
Signed-off-by: Priyal Doshi <pdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A DMA-MMIO reentrancy problem may lead to memory corruption bugs
like stack overflow or use-after-free.
Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
Reference:
https://gitlab.com/qemu-project/qemu/-/issues/556
qemu.git$ git log --no-merges --oneline --grep CVE-2023-0330
b987718bbb hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
a2e1753b80 memory: prevent dma-reentracy issues
Included second commit as well as commit log of a2e1753b80 says it
resolves CVE-2023-0330
(From OE-Core rev: 45ce9885351a2344737170e6e810dc67ab3e7ea9)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Run generate-cve-exclusions.py to generate the ignore lists. This file
is maintained separately from the existing manual whitelist entries.
(From OE-Core rev: b63743410e758ba116adb74a483b7c2d2aedf3b3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Instead of manually looking up new CVEs and determining what point
releases the fixes are incorporated into, add a script to generate the
CVE_CHECK_WHITELIST data automatically.
First, note that this is very much an interim solution until the
cve-check class fetches data from www.linuxkernelcves.com directly.
The script should be passed the path to a local clone of the
linuxkernelcves repository[1] and the kernel version number. It will
then write to standard output the CVE_STATUS entries for every known
kernel CVE.
The script should be periodically reran as CVEs are backported and
kernels upgraded frequently.
[1] https://github.com/nluedtke/linux_kernel_cves
Note: for the Dunfell backport this is not a cherry-pick of the commit
in master as the variable names are different. This incorporates the
following commits:
linux/generate-cve-exclusions: add version check warning
linux/generate-cve-exclusions.py: fix comparison
linux-yocto: add script to generate kernel CVE_STATUS entries
(From OE-Core rev: 496c0b8fab5dd87102c3a63656debdb3aa214ae7)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
str.format() doesn't use % notation, update the formatting to work.
assertTrue() is a member of self not a global, and assertTrue(True) will
always pass. Change this to just self.fail() as this is the failure case.
(From OE-Core rev: 2be0f2c62fb893f093091cbb30967f32f9d3165b)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 017f3a0b1265c1a3b69c20bdb56bbf446111977e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
native and nativesdk classes are special and must be inherited last :
put them at the end of the gathered classes to inherit.
(From OE-Core rev: cdc671271327ca61e5321b8890921d08ecd8799d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a6614fd800cbe791264aeb102d379ba79bd145c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This version includes fixes to patchelf.
(From OE-Core rev: 600ef23e30c27b4ec0f54c9b03d6386bccd5390f)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1c5c8ff97ba0a7f9adc592d702b865b3d166a24b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
For newest Qualcomm platforms the firmware for the Adreno GPU consists
of two parts: platform-independent SQE/GMU/GPMU/PFP/PM4 and
platform-specific ZAP shader, which is used during the boot process. As
the platform-independent parts can be shared between different
platforms, split the platform-specific part to the separate package.
(From OE-Core rev: 3ae53403b019b699f59c3ab9ba7b822041773dc7)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bf00a042d2fa2eb4b20d8c5982926758821bf990)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
RTL8822 is a serie of wireless modules that need firmwares to function correctly.
The linux firmware recipe does not have a package of these firmwares, and this commit add them.
(From OE-Core rev: f1a4db02831e70782a896b699cc2fa427cbd8e62)
Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6459959beeb91c0b694f5f17b6587a12c6dcb087)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Latest linux-firmware archive inclues firmware for the Dragonboard 410c
device (Qualcomm apq8016 SBC). Follow the rest of linux-firmware-qcom-*
packages as a template and create packages for the new firmware files.
(From OE-Core rev: 0f4582034a41f4abc746bffe5892a8d393a5a8f7)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 380216e8d3b63d563ebfb10445fc6eb5e77eb9f2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Bruce Ashfield
Alexander Kanavin
Lee Chee Yang
Siddharth Doshi
Vijay Anusuri
Archana Polampalli
Colin McAllister
Ashish Sharma
Richard Purdie
Ross Burton
Michael Opdenacker
Steve Sakoman
Ross Burton
Anuj Mittal
Staffan Rydén
Michael Halstead
Priyal Doshi
Shubham Kulkarni
Kai Kang
Yoann Congal
Dmitry Baryshkov
BELOUARGA Mohamed