mirror of https://git.yoctoproject.org/poky synced 2026-05-09 05:29:32 +00:00
Commit Graph

68089 Commits

Author SHA1 Message Date
Bruce Ashfield f5c3c374e8 linux-yocto/5.10: update to v5.10.198
Updating to the latest korg -stable release that comprises
the following commits:

    a8d812240fdd Linux 5.10.198
    660627c71bc1 xen/events: replace evtchn_rwlock with RCU
    1e3d016a9506 mmc: renesas_sdhi: only reset SCC when its pointer is populated
    a7d86a77c33b netfilter: nftables: exthdr: fix 4-byte stack OOB write
    84f6b686df2d netfilter: nf_tables: fix kdoc warnings after gc rework
    c17446c00805 parisc: Restore __ldcw_align for PA-RISC 2.0 processors
    cfc333393ae6 RDMA/mlx5: Fix NULL string error
    0d520cdb0cd0 RDMA/siw: Fix connection failure handling
    5a4a6a47e074 RDMA/uverbs: Fix typo of sizeof argument
    626868282c36 RDMA/cma: Fix truncation compilation warning in make_cma_ports
    7de0e42444e9 RDMA/cma: Initialize ib_sa_multicast structure to 0 when join
    36953b4da78b gpio: pxa: disable pinctrl calls for MMP_GPIO
    6ad972e66870 gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config()
    d7d8f1a679ec IB/mlx4: Fix the size of a buffer in add_port_entries()
    204c2d485f86 of: dynamic: Fix potential memory leak in of_changeset_action()
    b74f12f98b7f RDMA/core: Require admin capabilities to set system parameters
    ccd87fe7a0f6 dm zoned: free dmz->ddev array in dmz_put_zoned_devices
    82d87c944ea8 cpupower: add Makefile dependencies for install targets
    492241613cf4 sctp: update hb timer immediately after users change hb_interval
    f87658493898 sctp: update transport state when processing a dupcook packet
    ff346b01eba5 tcp: fix delayed ACKs for MSS boundary condition
    677aaa261e7a tcp: fix quick-ack counting to count actual ACKs of new data
    6a24d0661fa3 tipc: fix a potential deadlock on &tx->lock
    b9f1568ba37f net: stmmac: dwmac-stm32: fix resume on STM32 MCU
    3a5142f01758 netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
    0ba9348532bd netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
    b212f361a5d1 net: ethernet: ti: am65-cpsw: Fix error code in am65_cpsw_nuss_init_tx_chns()
    dba849cc9811 net: nfc: llcp: Add lock when modifying device list
    30bc4d7aebe3 net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
    d44346dda7d4 net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent
    96b2e1090397 ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
    2ea52a2fb8e8 net: fix possible store tearing in neigh_periodic_work()
    6e3d9e5caba8 modpost: add missing else to the "of" check
    225cd4f67bd4 NFSv4: Fix a nfs4_state_manager() race
    d8f2ba9ec358 ima: rework CONFIG_IMA dependency block
    77f82df960cb scsi: target: core: Fix deadlock due to recursive locking
    a9430129d8db ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
    725fd2080559 regmap: rbtree: Fix wrong register marked as in-cache when creating new node
    666cdc43df24 wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
    54a4faab2baa drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close()
    93dd471d3a2f bpf: Fix tr dereferencing
    10a18c8bac7f wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
    8c15c1bcc5b5 wifi: iwlwifi: dbg_ini: fix structure packing
    a5f643ab1163 ubi: Refuse attaching if mtd's erasesize is 0
    33420a82067b arm64: Add Cortex-A520 CPU part definition
    81d03e251894 net: prevent rewrite of msg_name in sock_sendmsg()
    72fc02ebfc93 net: replace calls to sock->ops->connect() with kernel_connect()
    1aeff207e295 wifi: mwifiex: Fix tlv_buf_left calculation
    f6f25930fa34 qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
    b9c4b3ca9016 scsi: zfcp: Fix a double put in zfcp_port_enqueue()
    04b6b67a3e77 Revert "PCI: qcom: Disable write access to read only registers for IP v2.3.3"
    c2cf152e8bb8 Revert "clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz"
    f94471c0cc31 block: fix use-after-free of q->q_usage_counter
    0d6987d4a34c rbd: take header_rwsem in rbd_dev_refresh() only when updating
    d3d170c5fc06 rbd: decouple parent info read-in from updating rbd_dev
    3ceb306f9b2d rbd: decouple header read-in from updating rbd_dev->header
    7c4f11d73b24 rbd: move rbd_dev_refresh() definition
    d0952ce316d1 drm/mediatek: Fix backport issue in mtk_drm_gem_prime_vmap()
    c33d75a57a81 ring-buffer: Fix bytes info in per_cpu buffer stats
    0ecde7dd766f ring-buffer: remove obsolete comment for free_buffer_page()
    2ad1a1d3d616 NFSv4: Fix a state manager thread deadlock regression
    ec4325e80633 NFS: rename nfs_client_kset to nfs_kset
    598539f38c72 NFS: Cleanup unused rpc_clnt variable
    19f3d5d13b75 spi: zynqmp-gqspi: fix clock imbalance on probe failure
    2cdec9c13f81 spi: spi-zynqmp-gqspi: Fix runtime PM imbalance in zynqmp_qspi_probe
    ae03dafc3761 fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
    8ec1abb59a98 ata: libata-sata: increase PMP SRST timeout to 10s
    dc0bd0f2da5c ata: libata-core: Do not register PM operations for SAS ports
    531d9f6dbfd5 ata: libata-core: Fix port and device removal
    99d308c31923 ata: libata-core: Fix ata_port_request_pm() locking
    eaf449666221 net: thunderbolt: Fix TCPv6 GSO checksum calculation
    72595dbfcae3 bpf: Fix BTF_ID symbol generation collision in tools/
    6a80578bd441 bpf: Fix BTF_ID symbol generation collision
    cbbfdb4bab70 btrfs: properly report 0 avail for very full file systems
    ef47f25e98de ring-buffer: Update "shortest_full" in polling
    b7a0df4c0877 proc: nommu: /proc/<pid>/maps: release mmap read lock
    acc7fc82d0ad Revert "SUNRPC dont update timeout value on connection reset"
    e3b8c9e0fc3c i2c: i801: unregister tco_pdev in i801_probe() error path
    b664e9db8d2c ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
    25872c67de20 ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q
    5a03b42ae1ed netfilter: nf_tables: disallow rule removal from chain binding
    7130a87ca323 nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
    e14afa4450cb serial: 8250_port: Check IRQ data before use
    6d5c8862932d Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux"
    14443223e08c Smack:- Use overlay inode label in smack_inode_copy_up()
    297c51c63fe1 smack: Retrieve transmuting information in smack_inode_getsecurity()
    41de7a6b95df smack: Record transmuting in smk_transmuted
    831f18c735e2 nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev
    fb28f89d50c0 netfilter: nft_exthdr: Fix for unsafe packet data read
    e18216cd0ec7 netfilter: nft_exthdr: Search chunks in SCTP packets only
    152b8ac839c9 watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
    13b7d49f339a watchdog: iTCO_wdt: No need to stop the timer in probe
    0d599a3f57a5 nvme-pci: do not set the NUMA node of device if it has none
    97e148dcb97d nvme-pci: factor out a nvme_pci_alloc_dev helper
    71357c751fb2 nvme-pci: factor the iod mempool creation into a helper
    38f82cf86096 ACPI: Check StorageD3Enable _DSD property in ACPI code
    67025d565450 cgroup: Fix suspicious rcu_dereference_check() usage warning
    b2788f6d4924 sched/cpuacct: Optimize away RCU read lock
    82756d8a2394 sched/cpuacct: Fix charge percpu cpuusage
    f8e8e72c58c7 sched/cpuacct: Fix user/system in shown cpuacct.usage*
    ef3c728ca0d4 perf build: Define YYNOMEM as YYNOABORT for bison < 3.81
    da91481c5d2b fbdev/sh7760fb: Depend on FB=y
    ffc459a93065 ncsi: Propagate carrier gain/loss events to the NCSI controller
    8c2500228b8f powerpc/watchpoints: Disable preemption in thread_change_pc()
    f5bdbed0361c media: vb2: frame_vector.c: replace WARN_ONCE with a comment
    ebc91848062e bpf: Clarify error expectations from bpf_clone_redirect
    0118244848a5 spi: nxp-fspi: reset the FLSHxCR1 registers
    f6cf19c1b313 ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset()
    2afd8fcee0c4 scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command
    0decc581e1dc scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command
    f44e66447c4f platform/mellanox: mlxbf-bootctl: add NET dependency into Kconfig
    cee5151c5410 ring-buffer: Do not attempt to read past "commit"
    2956e33fb4f8 selftests: fix dependency checker script
    9ccce21bd77b ring-buffer: Avoid softlockup in ring_buffer_resize()
    5dfcb92905b3 selftests/ftrace: Correctly enable event in instance-event.tc
    38ef4b2e4dca scsi: qedf: Add synchronization between I/O completions and abort
    2081b2a15b08 parisc: irq: Make irq_stack_union static to avoid sparse warning
    f47efdffdc13 parisc: drivers: Fix sparse warning
    d967a9472bf9 parisc: iosapic.c: Fix sparse warnings
    7b2440c2d64f parisc: sba: Fix compile warning wrt list of SBA devices
    c79300599923 dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock
    061f40275338 i2c: npcm7xx: Fix callback completion ordering
    dd81e91b2efc gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip
    b317f69871ef xtensa: boot/lib: fix function prototypes
    be17dfdcc87a xtensa: boot: don't add include-dirs
    a10bfbe599b7 xtensa: iss/network: make functions static
    608af5511a8f xtensa: add default definition for XCHAL_HAVE_DIV32
    3696261859c5 power: supply: ucs1002: fix error code in ucs1002_get_property()
    eff55feb8b87 bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up
    1bc88671960f ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot
    a2a592adad7c ARM: dts: Unify pwm-omap-dmtimer node names
    2d9c9589da6a ARM: dts: am335x: Guardian: Update beeper label
    ef83f35ced40 ARM: dts: motorola-mapphone: Drop second ti,wlcore compatible value
    12a28c379ef8 ARM: dts: motorola-mapphone: Add 1.2GHz OPP
    afdc40a74ae3 ARM: dts: motorola-mapphone: Configure lower temperature passive cooling
    093a9a02d4d5 ARM: dts: ti: omap: Fix bandgap thermal cells addressing for omap3/4
    28e5423ad8fb ARM: dts: omap: correct indentation
    50789f37239c clk: tegra: fix error return case for recalc_rate
    0fd5839e2504 bus: ti-sysc: Fix missing AM35xx SoC matching
    1d4d846e2a49 bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset()
    a8ee76d72737 MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled
    d678c078f302 btrfs: reset destination buffer when read_extent_buffer() gets invalid range
    a1f85bc9bc69 ata: ahci: Add Elkhart Lake AHCI controller
    51d190cc98de ata: ahci: Rename board_ahci_mobile
    8061c399c83b ata: ahci: Add support for AMD A85 FCH (Hudson D4)
    0156cce71f8e ata: libata: Rename link flag ATA_LFLAG_NO_DB_DELAY
    9f0d34663025 netfilter: nft_exthdr: Fix non-linear header modification
    ed60b8014c9a netfilter: exthdr: add support for tcp option removal
    10670abe1115 netfilter: nft_exthdr: break evaluation if setting TCP option fails
    45b3eb6afcff netfilter: nf_tables: add and use nft_thoff helper
    39546418b84d netfilter: nf_tables: add and use nft_sk helper
    af844ba799b5 netfilter: nft_exthdr: Support SCTP chunks
    858ca1921639 netfilter: use actual socket sk for REJECT action
    2d9ea86f3c4a media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts
    c4cc1f690f19 media: venus: hfi: Add a 6xx boot logic
    4596fece3c24 media: venus: core: Add differentiator IS_V6(core)
    3ed9d3dc244b media: venus: hfi: Define additional 6xx registers
    ebccb53232cc media: venus: hfi,pm,firmware: Convert to block relative addressing
    4ccdeb68da0c media: venus: core: Add io base variables for each block
    6d3745bbc334 mmc: renesas_sdhi: register irqs before registering controller
    995ef65e4b5c mmc: tmio: support custom irq masks
    97eb045386de mmc: renesas_sdhi: populate SCC pointer at the proper place
    7217ceb61a47 mmc: renesas_sdhi: probe into TMIO after SCC parameters have been setup
    e492f8125133 Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN
    677bff659fd3 Input: i8042 - rename i8042-x86ia64io.h to i8042-acpipnpio.h
    3fac8ce48fa9 netfilter: nf_tables: double hook unregistration in netns path
    e51f30826bc5 netfilter: nf_tables: unregister flowtable hooks on netns exit
    5e95c88e9061 i2c: mux: demux-pinctrl: check the return value of devm_kstrdup()
    0a78bcc2d526 gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
    f515112e8337 net: rds: Fix possible NULL-pointer dereference
    466e88548e19 bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI
    78106529b390 locking/seqlock: Do the lockdep annotation before locking in do_write_seqcount_begin_nested()
    a8dd21118b0f seqlock: Prefix internal seqcount_t-only macros with a "do_"
    ac01a0dd7905 seqlock: Rename __seqprop() users
    a8460ee6c80b seqlock: avoid -Wshadow warnings
    f1893feb20ea netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
    b44dd92e2afd team: fix null-ptr-deref when team device type is changed
    04cc361f029c net: bridge: use DEV_STATS_INC()
    1671dc1b25e5 net: hns3: add 5ms delay before clear firmware reset irq source
    309af4a39b8e net: hns3: only enable unicast promisc when mac table full
    ae806c74c063 x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
    423ba1b3a5a7 x86/srso: Fix srso_show_state() side effect
    1ec40ef6f765 platform/x86: intel_scu_ipc: Fail IPC send if still busy
    4c5eaf6d8bb4 platform/x86: intel_scu_ipc: Don't override scu in intel_scu_ipc_dev_simple_command()
    441b61d742ef platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt()
    c463898b6e72 platform/x86: intel_scu_ipc: Check status after timeout in busy_loop()
    60d73c62e3e4 dccp: fix dccp_v4_err()/dccp_v6_err() again
    09a1c790e1b9 powerpc/perf/hv-24x7: Update domain value check
    8689c9ace976 ipv4: fix null-deref in ipv4_link_failure
    47907ebeb77a i40e: Fix VF VLAN offloading when port VLAN is configured
    a91861446f1c ASoC: imx-audmix: Fix return error with devm_clk_get()
    c4ecedf980b0 selftests: tls: swap the TX and RX sockets in some tests
    78ef69b6e770 selftests/tls: Add {} to avoid static checker warning
    388c9d3eefae bpf: Avoid deadlock when using queue and stack maps from NMI
    6dc85d848c26 netfilter: nf_tables: disallow element removal on anonymous sets
    a45632f99713 ASoC: meson: spdifin: start hw on dai probe
    09c85f2d21ab netfilter: nf_tables: fix memleak when more than 255 elements expired
    4deaf1316b42 netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
    26d0e4d632f8 netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails
    b796c4e4bf29 netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
    c323ed65f66e netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
    09f2dda1e576 netfilter: nf_tables: defer gc run if previous batch is still pending
    b71dcee2fc9c netfilter: nf_tables: use correct lock to protect gc_list
    23292bdfda5f netfilter: nf_tables: GC transaction race with abort path
    dc0b1f019554 netfilter: nf_tables: GC transaction race with netns dismantle
    4046f2b56e5a netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
    891ca5dfe3b7 netfilter: nf_tables: don't fail inserts if duplicate has expired
    911dd3cdf108 netfilter: nf_tables: remove busy mark and gc batch API
    77046cb00850 netfilter: nft_set_hash: mark set element as dead when deleting from packet path
    146c76866795 netfilter: nf_tables: adapt set backend to use GC transaction API
    448be0774882 netfilter: nf_tables: GC transaction API to avoid race with control plane
    b15ea4017af8 netfilter: nf_tables: don't skip expired elements during walk
    f8bf7706151a netfilter: nf_tables: integrate pipapo into commit protocol
    9b65bff30a61 tracing: Have event inject files inc the trace array ref count
    f8a86ab3c4a4 ext4: do not let fstrim block system suspend
    c502b09d9bef ext4: move setting of trimmed bit into ext4_try_to_trim_range()
    e78e9f08a24e ext4: replace the traditional ternary conditional operator with with max()/min()
    cbf6a0f65404 ext4: mark group as trimmed only if it was fully scanned
    5eaf4a1e06cf ext4: change s_last_trim_minblks type to unsigned long
    24a86315a353 ext4: scope ret locally in ext4_try_to_trim_range()
    da1895f731f3 ext4: add new helper interface ext4_try_to_trim_range()
    6f5fc957dfb7 ext4: remove the 'group' parameter of ext4_trim_extent
    69c966583022 ata: libahci: clear pending interrupt status
    11d15a115c90 ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones
    407bf1c140f0 tracing: Increase trace array ref count on enable and filter files
    3f7df02fa0d4 SUNRPC: Mark the cred for revalidation if the server rejects it
    25ae2b2fdb12 NFS/pNFS: Report EINVAL errors from connect() to the server
    26db22a6397b NFS: Use the correct commit info in nfs_join_page_group()

(From OE-Core rev: 2c379dc34820b80f3f4132437737f0e4d601e36a)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-12 04:20:34 -10:00
Tim Orling 93d2e547d1 vim: upgrade 9.0.2068 -> 9.0.2130
https://github.com/vim/vim/compare/v9.0.2068...v9.0.2130

CVE: CVE-2023-48231
CVE: CVE-2023-48232
CVE: CVE-2023-48233
CVE: CVE-2023-48234
CVE: CVE-2023-48235
CVE: CVE-2023-48236
CVE: CVE-2023-48237

(From OE-Core rev: 7a6aab8b28b57bbaa4d4cf436a8cae18f1a43eba)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 5978d565a9e700485fc563dfe2e3c0045dd74b59)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-12 04:20:34 -10:00
Narpat Mali 31507dd07a python3-cryptography: fix CVE-2023-49083
cryptography is a package designed to expose cryptographic primitives
and recipes to Python developers. Calling `load_pem_pkcs7_certificates`
or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference
and segfault. Exploitation of this vulnerability poses a serious risk of
Denial of Service (DoS) for any application attempting to deserialize a
PKCS7 blob/certificate. The consequences extend to potential disruptions
in system availability and stability. This vulnerability has been patched
in version 41.0.6.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-49083
https://security-tracker.debian.org/tracker/CVE-2023-49083

(From OE-Core rev: 2d104f78cd13a10640bc284c7fc8358bf305279c)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-12 04:20:34 -10:00
Lee Chee Yang 82e76d21dc xwayland: fix CVE-2023-5367
(From OE-Core rev: 9c21b08c18414bb61abebcbbb8704946ea288a7b)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-12 04:20:34 -10:00
Vivek Kumbhar 006b4b976c libsndfile: fix CVE-2022-33065 Signed integer overflow in src/mat4.c
(From OE-Core rev: 0dc086b37b1c333adf99c01ce4ecb717df48d6f9)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-12 04:20:34 -10:00
Martin Jansa d6385a54cb bitbake: runqueue: show number of currently running bitbake threads when pressure changes
* it might be a bit confusing as it shows number of threads before making
  the decision to start more tasks and also it can show only a few tasks
  running, but not because of pressure when there just aren't many tasks
  left or wait for their dependencies to be finished first

* example output:
  NOTE: Pressure status changed to CPU: True, IO: None, Mem: None (CPU: 297589.5/200000.0, IO: 5522.2/None, Mem: 779.2/None) - using 7/8 bitbake threads
  NOTE: Pressure status changed to CPU: False, IO: None, Mem: None (CPU: 196381.2/200000.0, IO: 2667.9/None, Mem: 556.2/None) - using 2/8 bitbake threads

(Bitbake rev: 42a1c9fe698a03feb34c5bba223c6e6e0350925b)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-11 06:13:49 -10:00
Martin Jansa acd993f24c bitbake: runqueue: show more pressure data
* with latest bitbake I'm seeing very low number of bitbake tasks
  executed in parallel, probably due to pressure regulation
  show the values this is based on in the note

* also simplify a bit by counting the pressure and exceeds signs
  only once

(Bitbake rev: 1050145c3004861ebede4777fd4fbd89d0470716)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-11 06:13:49 -10:00
Chen Qi 98223b776a bitbake: runqueue.py: fix PSI check logic
The current calculation is not correct because if tdiff is less than
1.0, it's not taken into consideration when calculating the current
pressure.

Also, make it clear that the 1.0s is the psi accumulation cycle,
which might be changed in the future. We have this cycle because it
could largely avoid the 0 result issue, that is, if the interval
between checks is too small, the result might be 0. With this
accumulation logic, which has been there but let's make it clear,
this 0 result problem could be mitigated.

(Bitbake rev: 76889ff0a8938a3d77603d2af176aa9e264df839)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-11 06:13:49 -10:00
Richard Purdie 7057b7bb2b bitbake: runqueue: Add pressure change logging
It is currently hard to tell when bitbake is throttling task execution
due to system pressure changes. Add notes to the console output to make
this clearer, only generating output when the values change.

(Bitbake rev: b5f77e8159ad321f31999af8304f082a2c56b537)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-11 06:13:49 -10:00
Chen Qi a76bc698c4 bitbake: runqueue: fix PSI check calculation
The current PSI check calculation does not take into consideration
the possibility of the time interval between last check and current
check being much larger than 1s. In fact, the current behavior does
not match what the manual says about BB_PRESSURE_MAX_XXX, even if
the value is set to upper limit, 1000000, we still get many blocks
on new task launch. The difference between 'total' should be divided
by the time interval if it's larger than 1s.

(Bitbake rev: 2b2997ab6bdda730e4b638f416311a73e0c42156)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-11 06:13:49 -10:00
Li Wang 3e73216a32 systemtap_git: fix used uninitialized error
bpf-translate.cxx: error: 'this_column_size' may be used uninitialized in this function [-Werror=maybe-uninitialized]
bpf-translate.cxx: error: 'num' may be used uninitialized in this function [-Werror=maybe-uninitialized]

(From OE-Core rev: 11da43b58e19583a9bc16044309610cfb2e86469)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-02 16:36:57 -10:00
Ninad Palsule 239bf770b6 kernel-fitImage: Strip path component from dtb
Machines that have added subdirectories to the KERNEL_DEVICETREE
recently, such as arm32 boards that were moved under subdirectories in
Linux 6.5, will have that subdirectory in the node name of the FIT. This
breaks existing systems that select a configuration in u-boot by its
name.

Strip off the directory component from the device tree to preserve
compatibility.

(From OE-Core rev: 941ba1a132bafa9c9be855fb91fec96d8b06299f)

(From OE-Core rev: 9a42349a176ca4d7a1bfab3425a0821dbcbd9368)

Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de> # backport to kirkstone
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-02 16:36:57 -10:00
Archana Polampalli d1b9e2acaa vim: Upgrade 9.0.2048 -> 9.0.2068
This includes CVE fix for CVE-2023-46246.
9198c1f2b (tag: v9.0.2068) patch 9.0.2068: [security] overflow in :history

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-46246

(From OE-Core rev: 8c83a25494f99ebe63f59a267001e4a19d0a6b14)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 63bc72ccb63d2f8eb591d7cc481657a538f0fd42)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-02 16:36:56 -10:00
Steve Sakoman 51a2c26e29 vim: use upstream generated .po files
A previous commit attempted to fix reproducibility errors by forcing
regeneration of .po files. Unfortunately this triggered a different
type of reproducibility issue.

Work around this by adjusting the timestamps of the troublesome .po
files so they are not regenerated and we use the shipped upstream
versions of the files.

The shipped version of ru.cp1251.po doesn't seem to have been created
with the vim tooling and specifies CP1251 instead of cp1251, fix that.

(From OE-Core rev: 3c1e35562c31b8fa94ea10d18ddfdb4267566bf3)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 13d9551ba626f001c71bf908df16caf1d739cf13)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-02 16:36:56 -10:00
Richard Purdie f46bb8ad10 vim: Improve locale handling
When making checkouts from git, the timestamps can vary and occasionally two files
can end up with the same stamp. This triggers make to regenerate ru.cp1251.po from
ru.po for example. If it isn't regenerated, the output isn't quite the same leading
to reproducibility issues (CP1251 vs cp1251).

Since we added all locales to buildtools tarball now, we can drop the locale
restrictions too. We need to generate a native binary for the sjis conversion
tool so also tweak that.

(From OE-Core rev: b2e62fb4d52b019728a4920553fa24f4626b881a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 042c1a501b1dae5ddb31307b461be02c3591c589)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-02 16:36:56 -10:00
Hitendra Prajapati f007ad78dd grub: fix CVE-2023-4693
Upstream-Status: Backport from https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0ed2458cc4eff6d9a9199527e2a0b6d445802f94

(From OE-Core rev: 1bbbba098dba85ec1b875512d75f7eca9026e781)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-02 16:36:56 -10:00
Vivek Kumbhar 24121f9699 openssl: fix CVE-2023-5678 Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow
(From OE-Core rev: 6cd4c30a2811420159d72c2f0a9430f1f0294686)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-02 16:36:56 -10:00
Archana Polampalli f8a7dbd8fb gstreamer1.0-plugins-bad: fix CVE-2023-44429
AV1 codec parser buffer overflow

(From OE-Core rev: 76b97dc17349419059de739b2342853219c2e4ec)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-12-02 16:36:56 -10:00
Alexander Kanavin 8dc22248a8 sdk-manual: extensible.rst: remove instructions for using SDK functionality directly in a yocto build
This was not actually backported to kirkstone (and isn't going to be)
but the documentation for the feature erroneously did make its way
from master into kirkstone.

(From yocto-docs rev: 08fda7a5601393617b1ecfe89229459e14a90b1d)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Lee Chee Yang b159ad2464 migration-guide: add release notes for 4.0.14
(From yocto-docs rev: c3b7de1ffdaf5abd3383af1159132457c4ca19a3)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Michael Opdenacker a2d67684cc manuals: update class references
Synchronizing with master whenever possible,
to make the branch easier to maintain.

(From yocto-docs rev: 825b1292ab08770b2d8cfdc1e11358a2790c1a1b)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Michael Opdenacker fdd88b549f ref-manual: classes: explain cml1 class name
(From yocto-docs rev: aa2f61675e79e04207e91ab845892d581069fb74)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
CC: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Paul Eggleton 95795dff9b ref-manual: update SDK_NAME variable documentation
Update for changes in nanbield. Note that I am documenting what is set
by poky.conf here (since this is Yocto Project documentation), which is
slightly different from what is done in meta/conf/bitbake.conf.

(From yocto-docs rev: 4273dc298aba67fe07f19b52e5f8fa1d183d054c)

Signed-off-by: Paul Eggleton <bluelightning@bluelightning.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
BELHADJ SALEM Talel 6c9f29507f overview-manual: concepts: Add Bitbake Tasks Map
Create a Map to detail how BitBake handles a recipe's tasks
and its compile/runtime dependencies along with detailed comments.

(From yocto-docs rev: 529c7bf6c434166f4d372166868d46f275eb5bea)

Signed-off-by: Talel BELHAJSALEM <bhstalel@gmail.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Michael Opdenacker 942c66a9fb ref-manual: variables: add RECIPE_MAINTAINER
(From yocto-docs rev: 97661c8583e3be2ee992d2c0a158554086f6d038)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Michael Opdenacker 12643571ec ref-manual: variables: mention new CDN for SSTATE_MIRRORS
(From yocto-docs rev: 57cf137a45070d45d4ae2518d6c45e226166bbee)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Michael Opdenacker 9536f32528 ref-manual: variables: document OEQA_REPRODUCIBLE_* variables
(From yocto-docs rev: 40285a94db71dabfbddc324ee71b46984dbdb6fd)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Peter Marko e826f80436 goarch: Move Go architecture mapping to a library
Other spaces use the Go architecture definitions as their own (for
example, container arches are defined to be Go arches). To make it
easier for other places to use this mapping, move the code that does the
translation of OpenEmbedded arches to Go arches to a library.

(From oe-core rev: 3e86f72fc2e1cc2e5ea4b4499722d736941167ce)

This commit together with meta-virtualization commit
115f6367f37095415f289fb6981cda9608ac72ff
broke meta-virtualization master used with
meta-lts-mixins kirkstone/go which is our primary
usecase for having kirkstone/go mixin layer

Manually crafted since cherry-pick had too many conflicts:
* different path to classes
* additional architecture loongarch64
* different way how to import library

(From OE-Core rev: 8726ae02d760270f9e7fe7ef5715d8f7553371ce)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Cc: Joshua Watt <JPEWhacker@gmail.com>
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
Cc: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Chaitanya Vadrevu f19d7f427e go: Fix issue in DNS resolver
This change adds a patch that is a partial backport of an upstream
commit[1].

It fixes a bug in go's DNS resolver that was causing a docker issue
where the first "docker pull" always fails after system boot if docker
daemon is started before networking is completely up.

[1] https://github.com/golang/go/commit/d52883f443e1d564b0300acdd382af1769bf0477

(From OE-Core rev: 8c8b01e84844a7e721c668d5ffbc7161e67f0862)

Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Soumya Sambu c8fa08b01c sudo: upgrade 1.9.13p3 -> 1.9.15p2
License-update: file removed upstream

Drop patch as issue fixed upstream.

Changelog:
===========
1.9.15p2
 * Fixed a bug on BSD systems where sudo would not restore the
   terminal settings on exit if the terminal had parity enabled.
   GitHub issue #326.

1.9.15p1
 * Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based
   sudoers from being able to read the ldap.conf file.
   GitHub issue #325.

1.9.15
 * Fixed an undefined symbol problem on older versions of macOS
   when "intercept" or "log_subcmds" are enabled in sudoers.
   GitHub issue #276.
 * Fixed "make check" failure related to getpwent(3) wrapping
   on NetBSD.
 * Fixed the warning message for "sudo -l command" when the command
   is not permitted.  There was a missing space between "list" and
   the actual command due to changes in sudo 1.9.14.
 * Fixed a bug where output could go to the wrong terminal if
   "use_pty" is enabled (the default) and the standard input, output
   or error is redirected to a different terminal.  Bug #1056.
 * The visudo utility will no longer create an empty file when the
   specified sudoers file does not exist and the user exits the
   editor without making any changes.  GitHub issue #294.
 * The AIX and Solaris sudo packages on www.sudo.ws now support
   "log_subcmds" and "intercept" with both 32-bit and 64-bit
   binaries.  Previously, they only worked when running binaries
   with the same word size as the sudo binary.  GitHub issue #289.
 * The sudoers source is now logged in the JSON event log.  This
   makes it possible to tell which rule resulted in a match.
 * Running "sudo -ll command" now produces verbose output that
   includes matching rule as well as the path to the sudoers file
   the matching rule came from.  For LDAP sudoers, the name of the
   matching sudoRole is printed instead.
 * The embedded copy of zlib has been updated to version 1.3.
 * The sudoers plugin has been modified to make it more resilient
   to ROWHAMMER attacks on authentication and policy matching.
   This addresses CVE-2023-42465.
 * The sudoers plugin now constructs the user time stamp file path
   name using the user-ID instead of the user name.  This avoids a
   potential problem with user names that contain a path separator
   ('/') being interpreted as part of the path name.  A similar
   issue in sudo-rs has been assigned CVE-2023-42456.
 * A path separator ('/') in a user, group or host name is now
   replaced with an underbar character ('_') when expanding escapes
   in @include and @includedir directives as well as the "iolog_file"
   and "iolog_dir" sudoers Default settings.
 * The "intercept_verify" sudoers option is now only applied when
   the "intercept" option is set in sudoers.  Previously, it was
   also applied when "log_subcmds" was enabled.  Sudo 1.9.14
   contained an incorrect fix for this.  Bug #1058.
 * Changes to terminal settings are now performed atomically, where
   possible.  If the command is being run in a pseudo-terminal and
   the user's terminal is already in raw mode, sudo will not change
   the user's terminal settings.  This prevents concurrent sudo
   processes from restoring the terminal settings to the wrong values.
   GitHub issue #312.
 * Reverted a change from sudo 1.9.4 that resulted in PAM session
   modules being called with the environment of the command to be
   run instead of the environment of the invoking user.
   GitHub issue #318.
 * New Indonesian translation from translationproject.org.
 * The sudo_logsrvd server will now raise its open file descriptor
   limit to the maximum allowed value when it starts up.  Each
   connection can require up to nine open file descriptors so the
   default soft limit may be too low.
 * Better log message when rejecting a command if the "intercept"
   option is enabled and the "intercept_allow_setid" option is
   disabled.  Previously, "command not allowed" would be logged and
   the user had no way of knowing what the actual problem was.
 * Sudo will now log the invoking user's environment as "submitenv"
   in the JSON logs.  The command's environment ("runenv") is no
   longer logged for commands rejected by the sudoers file or an
   approval plugin.

1.9.14p3
 * Fixed a crash with Python 3.12 when the sudo Python plugin is
   unloaded.  This only affects "make check" for the Python plugin.
 * Adapted the sudo Python plugin test output to match Python 3.12.

1.9.14p2
 * Fixed a crash on Linux systems introduced in version 1.9.14 when
   running a command with a NULL argv[0] if "log_subcmds" or
   "intercept" is enabled in sudoers.
 * Fixed a problem with "stair-stepped" output when piping or
   redirecting the output of a sudo command that takes user input.
 * Fixed a bug introduced in sudo 1.9.14 that affects matching
   sudoers rules containing a Runas_Spec with an empty Runas user.
   These rules should only match when sudo's -g option is used but
   were matching even without the -g option.  GitHub issue #290.

1.9.14p1
 * Fixed an invalid free bug in sudo_logsrvd that was introduced
   in version 1.9.14 which could cause sudo_logsrvd to crash.
 * The sudoers plugin no longer tries to send the terminal name
   to the log server when no terminal is present.  This bug was
   introduced in version 1.9.14.

1.9.14
 * Fixed a bug where if the "intercept" or "log_subcmds" sudoers
   option was enabled and a sub-command was run where the first
   entry of the argument vector didn't match the command being run.
   This resulted in commands like "sudo su -" being killed due to
   the mismatch.  Bug #1050.
 * The sudoers plugin now canonicalizes command path names before
   matching (where possible).  This fixes a bug where sudo could
   execute the wrong path if there are multiple symbolic links with
   the same target and the same base name in sudoers that a user is
   allowed to run.  GitHub issue #228.
 * Improved command matching when a chroot is specified in sudoers.
   The sudoers plugin will now change the root directory if needed
   before performing command matching.  Previously, the root directory
   was simply prepended to the path that was being processed.
 * When NETGROUP_BASE is set in the ldap.conf file, sudo will now
   perform its own netgroup lookups of the host name instead of
   using the system innetgr(3) function.  This guarantees that user
   and host netgroup lookups are performed using the same LDAP
   server (or servers).
 * Fixed a bug introduced in sudo 1.9.13 that resulted in a missing
   " ; " separator between environment variables and the command
   in log entries.
 * The visudo utility now displays a warning when it ignores a file
   in an include dir such as /etc/sudoers.d.
 * When running a command in a pseudo-terminal, sudo will initialize
   the terminal settings even if it is the background process.
   Previously, sudo only initialized the pseudo-terminal when running
   in the foreground.  This fixes an issue where a program that
   checks the window size would read the wrong value when sudo was
   running in the background.
 * Fixed a bug where only the first two digits of the TSID field
   were logged.  Bug #1046.
 * The "use_pty" sudoers option is now enabled by default.  To
   restore the historic behavior where a command is run in the
   user's terminal, add "Defaults !use_pty" to the sudoers file.
   GitHub issue #258.
 * Sudo's "-b" option now works when the command is run in a
   pseudo-terminal.
 * When disabling core dumps, sudo now only modifies the soft limit
   and leaves the hard limit as-is.  This avoids problems on Linux
   when sudo does not have CAP_SYS_RESOURCE, which may be the case
   when run inside a container.  GitHub issue #42.
 * Sudo configuration file paths have been converted to colon-separated
   lists of paths.  This makes it possible to have configuration
   files on a read-only file system while still allowing for local
   modifications in a different (writable) directory.  The new
   --enable-adminconf configure option can be used to specify a
   directory that is searched for configuration files in preference
   to the sysconfdir (which is usually /etc).
 * The NETGROUP_QUERY ldap.conf parameter can now be disabled for
   LDAP servers that do not support querying the nisNetgroup object
   by its nisNetgroupTriple attribute, while still allowing sudo to
   query the LDAP server directly to determine netgroup membership.
 * Fixed a long-standing bug where a sudoers rule without an explicit
   runas list allowed the user to run a command as root and any
   group instead of just one of the groups that root is a member
   of.  For example, a rule such as "myuser ALL = ALL" would permit
   "sudo -u root -g othergroup" even if root did not belong to
   "othergroup".
 * Fixed a bug where a sudoers rule with an explicit runas list
   allowed a user to run sudo commands as themselves.  For example,
   a rule such as "myuser ALL = (root) ALL", "myuser" should only
   allow commands to be run as root (optionally using one of root's
   groups).  However, the rule also allowed the user to run
   "sudo -u myuser -g myuser command".
 * Fixed a bug that prevented the user from specifying a group on
   the command line via "sudo -g" if the rule's Runas_Spec contained
   a Runas_Alias.
 * Sudo now requires a C compiler that conforms to ISO C99 or higher
   to build.

(From OE-Core rev: 55f1437e2e7f11724ace489677ae214611244faf)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Peter Marko ecba5ff495 go: ignore CVE-2023-45283 and CVE-2023-45284
These CVEs affect path handling on Windows.

(From OE-Core rev: 60f75fd6a671fcbfeefb634fe88f6faa17b446b7)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Lee Chee Yang a7657ca5ff ghostscript: ignore GhostPCL CVE-2023-38560
Issue in GhostPCL.
GhostPCL is not part of this GhostScript recipe.

(From OE-Core rev: 7c4b4daeeca8fab257475eacb83c58b7e5dfee24)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Deepthi Hemraj c771630e99 binutils: Fix CVE-2022-48064
(From OE-Core rev: 88cbf5eb4a075e677b1f9e6444ec6378a5949978)

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Deepthi Hemraj 39aa7af59b binutils: Fix CVE-2022-47007
(From OE-Core rev: 03e6ea59d82e613ba3b5d388fa87317cef982f2b)

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Meenali Gupta 2629c5fe89 avahi: fix CVE-2023-38473
A vulnerability was found in Avahi. A reachable assertion
exists in the avahi_alternative_host_name() function.

(From OE-Core rev: 3a9b67f222d6e004a8b56eedca6ff869e9aba710)

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Meenali Gupta 517e513209 avahi: fix CVE-2023-38472
A vulnerability was found in Avahi. A reachable assertion
exists in the avahi_rdata_parse() function.

(From OE-Core rev: 1b699ac1e8519cd488ee033919b9205283b7b465)

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Meenali Gupta 973020ce12 avahi: fix CVE-2023-38469
A vulnerability was found in Avahi, where a reachable assertion
exists in avahi_dns_packet_append_record.

(From OE-Core rev: 8bd1980fd4175be3dd68987f8c5653409b76f544)

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Meenali Gupta f2c0b5cef2 avahi: fix CVE-2023-38470
A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_escape_label() function.

(From OE-Core rev: bc211ae0e597d40f938f9a25bfc0fcbb228d90b6)

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Meenali Gupta 1867c0de35 avahi: fix CVE-2023-38471
A vulnerability was found in Avahi. A reachable assertion exists
in the dbus_set_host_name function.

(From OE-Core rev: f4286c3a3070fd50e334a48f1b7c068d34747115)

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Niranjan Pradhan 24646e55b2 qemu 6.2.0: Fix CVE-2023-1544
Upstream Repository: https://gitlab.com/qemu-project/qemu.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1544
Type: Security Fix
CVE: CVE-2023-1544
Score: 6.3
Patch: https://gitlab.com/qemu-project/qemu/-/commit/85fc35afa93c

(From OE-Core rev: d019fcc99c542d49be6e1615a5c75f88f8ff5a52)

Signed-off-by: Niranjan Pradhan <nirpradh@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Yogita Urade f9527fb2ac grub: fix CVE-2023-4692
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver.
This issue may allow an attacker to present a specially crafted NTFS
filesystem image, leading to grub's heap metadata corruption. In some
circumstances, the attack may also corrupt the UEFI firmware heap metadata.
As a result, arbitrary code execution and secure boot protection bypass
may be achieved.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4692
https://bugzilla.redhat.com/show_bug.cgi?id=2236613

(From OE-Core rev: c89835b37366dde6c74f8221fd5a295ecabf8225)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Vijay Anusuri e447b4139f tiff: Backport fix for CVE-2023-41175
Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee]

Reference: https://security-tracker.debian.org/tracker/CVE-2023-41175

(From OE-Core rev: dcdcd9dcab750927701deb78b798c8fedeec67e0)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-28 05:00:32 -10:00
Narpat Mali f60fb52055 python3-jinja2: Fixed ptest result output as per the standard
There was an extra space between the result and ':'.
After removing extra space, the ptest result will be:
result : testname -> result: testname

(From OE-Core rev: 4bb6373e5f4a1330a063d1afe855d6c24d5461e7)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-14 06:49:11 -10:00
Ross Burton 2e3c89e255 cve-check: don't warn if a patch is remote
We don't make do_cve_check depend on do_unpack because that would be a
waste of time 99% of the time.  The compromise here is that we can't
scan remote patches for issues, but this isn't a problem so downgrade
the warning to a note.

Also move the check for CVEs in the filename before the local file check
so that even with remote patches, we still check for CVE references in
the name.

(From OE-Core rev: b4e5e02ab5dcc6b32810aa88c371799777dd8821)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0251cad677579f5b4dcc25fa2f8552c6040ac2cf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-14 06:49:11 -10:00
Ross Burton 9200c6b310 cve-check: slightly more verbose warning when adding the same package twice
Occasionally the cve-check tool will warn that it is adding the same
package twice.  Knowing what this package is might be the first step
towards understanding where this message comes from.

(From OE-Core rev: 4b449d5dcbaebb0690a55cf45e3a735c2d8df101)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c1179faec8583a8b7df192cf1cbf221f0e3001fc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-14 06:49:11 -10:00
Ross Burton ae28221a40 cve-check: sort the package list in the JSON report
The JSON report generated by the cve-check class is basically a huge
list of packages.  This list of packages is, however, unsorted.

To make things easier for people comparing the JSON, or more
specifically for git when archiving the JSON over time in a git
repository, we can sort the list by package name.

(From OE-Core rev: 1245649fd2725915154648a98584c908da07af18)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e9861be0e5020830c2ecc24fd091f4f5b05da036)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-14 06:49:11 -10:00
Vijay Anusuri 4e227eaf1c xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380
Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a
&
https://gitlab.freedesktop.org/xorg/xserver/-/commit/564ccf2ce9616620456102727acb8b0256b7bbd7]

(From OE-Core rev: afc30fc07d806c3f0d2192454344995f19e68575)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-14 06:49:11 -10:00
Soumya Sambu 9f0a8901d1 libwebp: Fix CVE-2023-4863
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187
allowed a remote attacker to perform an out of bounds memory write via
a crafted HTML page.

Removed CVE-2023-5129.patch as CVE-2023-5129 is duplicate of CVE-2023-4863.

CVE: CVE-2023-4863

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://security-tracker.debian.org/tracker/CVE-2023-4863
https://bugzilla.redhat.com/show_bug.cgi?id=2238431#c12

(From OE-Core rev: dbef9bf56fec551b6d1428fcefdadb500172940a)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-14 06:49:11 -10:00
Sanjana f9a95adda5 binutils: Fix CVE-2022-47010
(From OE-Core rev: 3fd5701a861aa263ad1d912bfd44d4d5826d11a1)

Signed-off-by: Sanjana <Sanjana.Venkatesh@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-14 06:49:11 -10:00
Samantha Jalabert a171408008 bitbake: Fix disk space monitoring on cephfs
Error occurred while running bitbake on cephfs:

WARNING: The free inode of path is running low (-0.001K left)
ERROR: Immediately halt since the disk space monitor action is "HALT"!

(Bitbake rev: a7f6c3e67bd9170e93b2b94676e84018faf0df91)

Signed-off-by: Samantha Jalabert <samantha.jalabert@syslinbit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-11-09 04:41:17 -10:00