| Age | Commit message (Collapse) | Author |
|---|
|
The current home path that is compared against is incorrect as it is missing the
package name, this patch adds it.
[YOCTO #14553]
(From OE-Core rev: b75caf4a985e3c20996531785125eaffdc832104)
Signed-off-by: Ahmed Hossam <Ahmed.Hossam@opensynergy.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit ae8f22d9e2694eea5ede3b31c6f3bca404ea4a5a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* add missing % to print the values instead of:
| INFO: Build artifacts not found, exiting.
| INFO: (Please check that the build artifacts for the machine
| INFO: selected in local.conf actually exist and that they
| INFO: are the correct artifacts for the image (.wks file)).
|
| ERROR: ("The artifact that couldn't be found was %s:\n %s", 'kernel-dir', '/OE/build/deploy/images/qemux86-64')
(From OE-Core rev: c83cabad78dbc98bb72be7fd7dd51023853a3ff9)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e104c2b1273d8c5bd97893f318bf2a2699ef7f2d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Operations such as mkfs fail on devices that are not
switched to the actual rootfs before switch_root is
called. The kernel interprets these devices as still
being used even after unmounting and errors such as
below are seen when the target is fully booted
root@v1000:~# umount /dev/sdb1
root@v1000:~# mkfs.ext4 /dev/sdb1
mke2fs 1.43.8 (1-Jan-2018)
/dev/sdb1 contains a ext4 file system
last mounted on Wed Nov 28 07:33:54 2018
Proceed anyway? (y,N) y
/dev/sdb1 is apparently in use by the system; will not make a filesystem here!
(From OE-Core rev: ce27982c24d2398c9eadb9d4d9e7475509424195)
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Muhammad Hamza <muhammad_hamza@mentor.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ec53ffd01972d1be2d6a28de828b3f0b80dc1e61)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The Linux kernel commit 14c174633f349 ("random: remove unused tracepoints")
removed unused tracepoints and has been backported to stable Linux kernel
releases. This causes build failure of lttng-modules:
"
lttng-modules-2.11.6/probes/lttng-probe-random.c:18:10: fatal error: trace/events/random.h: No such file or directory
| 18 | #include <trace/events/random.h>
| | ^~~~~~~~~~~~~~~~~~~~~~~
| compilation terminated.
"
Backport patches from lttng-modules master branch to address the build
failure on all of Linux 5.18.y, 5.15.y 5.10.y, 5.4, 4.19, 4.14, and 4.9 kernel versions.
(From OE-Core rev: 9f301f5563df868626d624c2d0781dae1b81a4c0)
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
Cc: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: a0415549af8d10f4915c519433b49ce812bd2324)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c27711292f93dfad1ffdeab6d715becad32a4ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add testcases for partial reports with CVE_CHECK_REPORT_PATCHED and
Ignored CVEs.
(From OE-Core rev: 577d297babd7b399f631c8a95155265f08c5e193)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry-picked from 3f7639b90004973782a2e74925fd2e9a764c1090)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
user to read the file content
Source: https://git.savannah.gnu.org/cgit/grub.git/
MR: 116495
Type: Security Fix
Disposition: Backport from https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4
ChangeID: fce3d59e50320bef247bb981352051b8f953a4fc
Description:
CVE-2021-3981 grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content.
Affects "grub2 < 2.06"
(From OE-Core rev: fd9dc688ead5cf0225cba94c380a618e332d548f)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Ignored CVEs aren't patched, but do not apply in our configuration
for some reason. Up till now they were only partially supported
and reported as "Patched".
This patch adds separate reporting of Ignored CVEs. The variable
CVE_CHECK_REPORT_PATCHED now manages reporting of both patched
and ignored CVEs.
(From OE-Core rev: 14b3c0ca46a0aa97565a24b7a5116306237d7cfe)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry-picked from c773102d4828fc4ddd1024f6115d577e23f1afe4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add two fixes from debian for two CVEs. From:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355
I wans't able to get the reproducers to work but the added error
checking isn't probably a bad thing.
(From OE-Core rev: 097469513f6dea7c678438e71a152f4e77fe670d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 054be00a632c2918dd1f973e76514e459fc6f017)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Avoid a null pointer dereference.
(From OE-Core rev: 357791da82f767ad695e4476aa12fea3d7db5e04)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 36db85b9b127e5a9f5d3d6e428168cf597ab95f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
reading a very large header
Source: https://github.com/argoheyard/lang-net
MR: 114874
Type: Security Fix
Disposition: Backport from https://github.com/argoheyard/lang-net/commit/701957006ef151feb43f86aa99c8a1f474f69282
ChangeID: bd3c4f9f44dd1c45e810172087004778522d28eb
Description:
CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header.
(From OE-Core rev: 2850ef58f2a39a5ab19b1062d1b50160fec4daa8)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Source: https://go-review.googlesource.com/c/go
MR: 117551
Type: Security Fix
Disposition: Backport from https://go-review.googlesource.com/c/go/+/399816/
ChangeID: 347f22f93e8eaecb3d39f8d6c0fe5a70c5cf7b7c
Description:
CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode.
(From OE-Core rev: 6625e24a6143765ce2e4e08d25e3fe021bc2cdf6)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Following https://git.yoctoproject.org/poky/commit/?id=cf7d8894545b83f55420fa33f7848e1bfc6754ff
(From yocto-docs rev: 5a5499609bc1f6ac99ad909dc1aeb91505f5bd48)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The keep alive timeout is excessively long at 83 minutes (5000 seconds),
reduce this to 10 minutes: this should be long enough that it rarely
triggers in normal builds, but when it does it has useful information.
(Bitbake rev: a496a8952d8542ce814b13f460811d8849d25a3c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dcf52157d3635925491783be656c6b76d1efe1a4)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In interactive bitbake sessions it is obvious what tasks are running
when one of them hangs or otherwise takes a long time. However, in
non-interactive sessions (such as automated builds) bitbake just prints
a message saying that it is "still alive" with no clues as to what tasks
are active still.
By simply listing the active tasks when printing the keep alive message,
we don't need to parse the bitbake log to identify which of the tasks
is still active and has presumably hung.
(Bitbake rev: 36fe8bae9fec61547ee0b13bcb721033afd3ac0e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 30f6c3f175617beea8e8bb75dcf255611e3fc2fd)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(with history)
We've talked about having this for long enough. Add a command which queries a single
variable value with history. This saves "bitbake -e | grep" and avoids the
various pitfalls that has.
It also provides a neat example of using tinfoil to make such a query.
Parameters to limit the output to just the value, to limit to a variable flag
and to not expand the output are provided.
[YOCTO #10748]
(Bitbake rev: 47ed06d441152f8b6d374cacfac2c668c354423e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c1881b620e885f55d7772f8626b8a76c2828333)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We can't access the emit() function of varhistory currently as the datastore parameter
isn't handled correctly, nor is the output stream. Add a custom wrapper for this
function which handles the two details correctly.
(Bitbake rev: 144a1cfe8b60c677bb6ec66c242e064c7ba3ed88)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ba0fa084ccd2b1ade96425d158fd31e49e42f286)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop 0001-Makefile-replace-mkdir-by-install.patch merged upstream.
License-Update: additional files
(From OE-Core rev: c6f5fb5e7545636ef7948ad1562548b7b64dac35)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91cd99267157e860a108282aee13e162e8c10572)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit bcc5a22cd2b25c777315fe9d677fc0338ae2ab68)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In some cases it is useful to be able to test the snapshot of
linux-firmware (e.g. to test if the updated firmware works on the
particular hardware). Allow building the linux-firmware snapshots.
To switch to the most recent branch, add the following lines to the
local.conf file:
PREFERRED_VERSION_linux-firmware = "1:20220509+git%"
SRCREV:class-devupstream = "${AUTOREV}"
WHENCE_CHKSUM:class-devupstream:pn-linux-firmware = "4288aad55d189fa225d492526b8406d5"
(From OE-Core rev: 6654baf267003ac62bc886901e5197fc211239f4)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b023570ae1d239de14b50a0e827582d0e84ddf81)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add ability to parse instance-specific conf files when
enabling an instance of a templated unit during postinstall.
(From OE-Core rev: f2d59bf2240eaf4c483edc4feb6e5d66b8dc387f)
Signed-off-by: Nick Potenski <nick.potenski@garmin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit baa0ecf3271008cf60cd830c54a71f191aebb81c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
update include fixes for CVE-2022-1664.
(From OE-Core rev: 12169c1104adbfd9f5196fdbdab16536e98fd43f)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Source: https://github.com/golang/go
MR: 114884
Type: Security Fix
Disposition: Backport from https://github.com/golang/go/commit/44a3fb49
ChangeID: 7b28553d4e23828b20c3357b1cca79ee3ca18058
Description:
CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error.
(From OE-Core rev: b835c65845b1445e1bb547c192cb22c2db4c7e6f)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
references
Source: https://github.com/pypa/pip
MR: 113864
Type: Security Fix
Disposition: Backport from https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b
ChangeID: 717948e217d6219d1f03afb4d984342d7dea4636
Description:
CVE-2021-3572 python-pip: Incorrect handling of unicode separators in git references.
(From OE-Core rev: 841a8fb5b6351f79a4d756232a544d1a6480c562)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When using multiconfig with the same TMP folder we can have
races because the shared recipes like gcc-source run twice.
ARCHIVER_OUTDIR = ${ARCHIVER_TOPDIR}/${TARGET_SYS}/${PF}/
which includes TARGET_SYS and between the two different MACHINE values,
this changes from 'arm-poky-linux-gnueabi' to 'aarch64-poky-linux'.
This leads to the task running twice, once for each multiconfig.
To solve this we need to store the shared output in a common place
for all machines and in this way the stamps will be the same for each
machine so the gcc-source will on run once regardless of the machine used.
(From OE-Core rev: 135adeb82c9303c26193bb6f6bd3bc696793aa62)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5abe497aad39a6ce8d72556fcdda1938a0f8c1bc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Some tasks may reference ${B} for gcc-source which in general would not exist.
It has dependencies on HOST_SYS and TARGET_SYS which are not appropriate for a
shared recipe like gcc-source. This causes problems for the archiver and
multiconfigs in particlar.
Set B to something else to avoid these task hash issues.
Acked-by: Jose Quaresma <jose.quaresma@foundries.io>
(From OE-Core rev: 14aa189c2e47a2c5a4a0099235a2605666651f74)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit beb2a76c591e985c6fc7ed473abd1bee27f955a2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Building busybox with CONFIG_LSATTR=y and installing that in the same
filesystem as e2fsprogs breaks:
ERROR: ... do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget:${PN} ().
Deferring to first boot via 'exit 1' is no longer supported.
Fix that by also alternatifying lsattr just as chattr already is.
(From OE-Core rev: 28090d32c88d99ea36a03f3bb723838746001e4b)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96703961eeb3460e9da26503d7942cc965d1e573)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When multilib enabled and add layers/meta-openembedded/meta-oe in
conf/bblayers.conf, it reports below error when run oe-selftest.
$ oe-selftest -r oescripts
[snip]
[20:36:33-0700] 2022-05-16 03:36:33,494 - oe-selftest - INFO - RESULTS - oescripts.OEListPackageconfigTests.test_packageconfig_flags_option_flags: FAILED (585.37s)
[snip]
It is because the output of "list-packageconfig-flags.py -f" as below:
$ ../scripts/contrib/list-packageconfig-flags.py -f
[snip]
qt lib32-pinentry lib32-wxwidgets nativesdk-pinentry pinentry pinentry-native wxwidgets wxwidgets-native
secret lib32-pinentry nativesdk-pinentry pinentry pinentry-native
[snip]
But the check logic as below:
class OEListPackageconfigTests(OEScriptTests):
#oe-core.scripts.List_all_the_PACKAGECONFIG's_flags
def check_endlines(self, results, expected_endlines):
for line in results.output.splitlines():
for el in expected_endlines:
if line.split() == el.split():
expected_endlines.remove(el)
break
def test_packageconfig_flags_option_flags(self):
results = runCmd('%s/contrib/list-packageconfig-flags.py -f' % self.scripts_dir)
expected_endlines = []
expected_endlines.append("PACKAGECONFIG FLAG RECIPE NAMES")
expected_endlines.append("qt nativesdk-pinentry pinentry pinentry-native")
expected_endlines.append("secret nativesdk-pinentry pinentry pinentry-native")
self.check_endlines(results, expected_endlines)
And the test will fail as line.split() doesn't equal el.split() as
line.split() is ['lib32-pinentry', 'lib32-wxwidgets', 'nativesdk-pinentry',
'pinentry', 'pinentry-native', 'wxwidgets', 'wxwidgets-native'] and
el.split() is ['nativesdk-pinentry', 'pinentry', 'pinentry-native'].
So change the compare logic to fix the gap.
(From OE-Core rev: 9eecfbfc957359b7933f1e1bde3aba1780dde202)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 239f22847bcae0cb31769adb0a42b5440173a7c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: fd1ed873ec00fda2f58370770ad7aed039bdc470)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6420c8a6a8143f53ccad7ab2d56b2ba06db83099)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* fixes:
oe-core/meta/lib/oe/rootfs.py:331: ResourceWarning: unclosed file <_io.TextIOWrapper name='pkgdata/mach/kernel-depmod/kernel-abiversion' mode='r' encoding='UTF-8'>
kernel_ver = open(kernel_abi_ver_file).read().strip(' \n')
(From OE-Core rev: b761150790231792b42a8eb534013f1e17b4efb3)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f9dd8ee063c1132265248457fcd628e1e93727be)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Ensure that begin_idx (i.e., beginline - 1) and end_idx (i.e.,
endline) are positive numbers in copy_license_files(). This makes sure
the same lines are copied as populate_lic_qa_checksum() uses when it
calculates the checksum. Before, beginline=0 would typically lead to
that no lines were copied at all.
(From OE-Core rev: 27cd074d747c5ef4b475c8a62a8ede2bbe58f996)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ab3cc3651d08d226675c461da760cda0bb6c0ce0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix PACKAGECONFIG to refer to libavtp instead of avtp as this is what
the project and everything is really called everywhere.
(From OE-Core rev: a1b73bc6ba90fb079e514e4eeda8e231a950b9f4)
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8824d91fe2063195014c38c134b97946d3b429c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Several tasks deactivate exiting on non-zero return codes via set +e because
they run subcommands that have legitimate non-zero return codes. However when
appending to those tasks, this behavior is not expected and can lead to builds
silently proceeding in case of an error. Therefore reset the default behavior
at the end of the respective tasks via set -e.
(From OE-Core rev: 7777cc853db7200b819095be6f6a3561738ac94d)
Signed-off-by: Stefan Wiehler <stefan.wiehler@nokia.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 83a6f28d2e464f00202090e998a63045adba9e4e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes fixes for CVE-2022-1927, CVE-2022-1942.
(From OE-Core rev: 2bba60d687fb45a8367cb683a8e9d385384ad51a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1e740b5c2227c0040621ae63436d06db4873670f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As per debian, the issue is fixed by a feature called
"agent restriction" in openssh 8.9.
Urgency is unimportant as per debian, Hence this CVE is whitelisting.
Link:
https://security-tracker.debian.org/tracker/CVE-2021-36368
https://bugzilla.mindrot.org/show_bug.cgi?id=3316#c2
https://docs.ssh-mitm.at/trivialauth.html
(From OE-Core rev: 179b862e97d95ef57f8ee847e54a78b5f3f52ee7)
Signed-off-by: Pawan Badganchi <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In scheduler/cert.c the previous algorithm didn't expect the strings can
have a different length, so one string can be a substring of the other
and such substring was reported as equal to the longer string.
Backport patch from upstream to fix:
https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444
CVE: CVE-2022-26691
(From OE-Core rev: cc657868d31cc8b4218a07aa10fa098c379e473c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From meta-yocto rev: 36f7c6b9ddbcd4f518aa199b523a0606d1f4018a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Updating to the latest korg -stable release that comprises
the following commits:
04b092e4a01a Linux 5.4.196
dba1941f5bc3 afs: Fix afs_getattr() to refetch file status if callback break occurred
ef5374d532ca i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
10a221e2d3d8 x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
a12884ff4340 x86/xen: fix booting 32-bit pv guest
b2f140a9f980 Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
060f38b1dfb4 ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
b38cf3cb17df firmware_loader: use kernel credentials when reading firmware
e14e3856e94d net: stmmac: disable Split Header (SPH) for Intel platforms
9ea8e6a8323e block: return ELEVATOR_DISCARD_MERGE if possible
36ac6caf742d Input: ili210x - fix reset timing
1c450bdf2e8c net: atlantic: verify hw_head_ lies within TX buffer ring
e5307704c4ad net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
91d8d7edf192 ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
dd5de66f5c8a selftests: add ping test with ping_group_range tuned
9919585e5f41 mac80211: fix rx reordering with non explicit / psmp ack policy
19e2cd737c16 scsi: qla2xxx: Fix missed DMA unmap for aborted commands
74168c2207a5 perf bench numa: Address compiler error on s390
d1915d9c9fa3 gpio: mvebu/pwm: Refuse requests with inverted polarity
3fdd67e83c42 gpio: gpio-vf610: do not touch other bits when set the target bit
1fe6dc5f5d19 net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
622be11fa385 igb: skip phy status check where unavailable
eb92a8ecce23 ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
463a7b957db0 ARM: 9196/1: spectre-bhb: enable for Cortex-A15
1b93631c77c9 net: af_key: add check for pfkey_broadcast in function pfkey_process
c0be5fec786b net/mlx5e: Properly block LRO when XDP is enabled
3277789f332e NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
b368e07fb44d net/qla3xxx: Fix a test in ql_reset_work()
d672eee9e404 clk: at91: generated: consider range when calculating best rate
8cb1a05fe38b ice: fix possible under reporting of ethtool Tx and Rx statistics
dc64e8874e87 net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
32f779e6fbbe net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
1eb2d7858155 net/sched: act_pedit: sanitize shift argument before usage
50f70ee30236 net: macb: Increment rx bd head after allocating skb and buffer
a42ffe88332c ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
6493ff94c022 ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
fe2a9469eca0 dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
8cf6c24ed488 drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
8be06f62b426 crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
f4a093215b8e KVM: x86/mmu: Update number of zapped pages even if page list is stable
de8745182749 PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
3a12b2c413b2 Fix double fget() in vhost_net_set_backend()
dd0ea88b0a0f perf: Fix sys_perf_event_open() race against self
c8a5e14cb407 ALSA: wavefront: Proper check of get_user() error
2f8f6c393b11 SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
975a0f14d5cd SUNRPC: Don't call connect() more than once on a TCP socket
aa4d71edd609 SUNRPC: Prevent immediate close+reconnect
2d6f096476e6 SUNRPC: Clean up scheduling of autoclose
f3fe8d13ac89 mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
def047ae1266 mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
f10260f35992 mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
1e93f939927d nilfs2: fix lockdep warnings during disk space reclamation
307d021b1a7f nilfs2: fix lockdep warnings in page operations for btree nodes
77b71a4c8767 ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
54f7358be14d platform/chrome: cros_ec_debugfs: detach log reader wq from devm
232128f6e60f drbd: remove usage of list iterator variable after loop
83abb076f473 MIPS: lantiq: check the return value of kzalloc()
e7947c031ffe rtc: mc146818-lib: Fix the AltCentury for AMD platforms
7be785032c05 nvme-multipath: fix hang when disk goes live over reconnect
ee0323cc8bbb ALSA: hda/realtek: Enable headset mic on Lenovo P360
c0d86f2a3c03 crypto: x86/chacha20 - Avoid spurious jumps to other functions
f0213894337a crypto: stm32 - fix reference leak in stm32_crc_remove
8c015cd52442 Input: stmfts - fix reference leak in stmfts_input_open
bb83a744bc67 Input: add bounds checking to input_set_capability()
4fd396695646 um: Cleanup syscall_handler_t definition/cast, fix warning
0c319b998835 rtc: fix use-after-free on device removal
05df3bdbc259 x86/xen: Make the secondary CPU idle tasks reliable
0d3817cb4ebe x86/xen: Make the boot CPU idle task reliable
67e2b62461b5 floppy: use a statically allocated error counter
0187300e6aa6 Linux 5.4.195
8fcefb43ecfc tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
6d80857c4fc7 ping: fix address binding wrt vrf
7845532adb53 arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
c0b735fef2af net: phy: Fix race condition on link status change
a60def756821 MIPS: fix build with gcc-12
a3112d5da17c drm/vmwgfx: Initialize drm_mode_fb_cmd2
463c7431490d cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
f25145c37c4e i40e: i40e_main: fix a missing check on list iterator
17c744716af5 drm/nouveau/tegra: Stop using iommu_present()
c8f567c46543 serial: 8250_mtk: Fix register address for XON/XOFF character
aa3ea7451bd6 serial: 8250_mtk: Fix UART_EFR register address
031fda28d0a6 slimbus: qcom: Fix IRQ check in qcom_slim_probe
7de6f3059629 USB: serial: option: add Fibocom MA510 modem
65732f62f730 USB: serial: option: add Fibocom L610 modem
6c78537f3e29 USB: serial: qcserial: add support for Sierra Wireless EM7590
e40d00494712 USB: serial: pl2303: add device id for HP LM930 Display
056a56f8fbfe usb: typec: tcpci: Don't skip cleanup in .remove() on error
457d9401b8c1 usb: cdc-wdm: fix reading stuck on device close
4d93303fd877 tty: n_gsm: fix mux activation issues in gsm_config()
6e34ee5b5b92 tcp: resalt the secret every 10 seconds
39c26fe93c76 net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
638bfbc84cca s390: disable -Warray-bounds
f66d3fa5089f ASoC: ops: Validate input values in snd_soc_put_volsw_range()
13b850a6cc80 ASoC: max98090: Generate notifications on changes for custom control
5c766c000a64 ASoC: max98090: Reject invalid values in custom control put()
22f6c68b4927 hwmon: (f71882fg) Fix negative temperature
208200e573bd gfs2: Fix filesystem block deallocation for short writes
42daae7d845c net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
e038c457bd12 net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
2ec2dd7d51a9 net/sched: act_pedit: really ensure the skb is writable
48c6a40e2f25 s390/lcs: fix variable dereferenced before check
467ddbbe7e74 s390/ctcm: fix potential memory leak
2cbce0110070 s390/ctcm: fix variable dereferenced before check
1c40e85d0aa0 hwmon: (ltq-cputemp) restrict it to SOC_XWAY
0a778db9319f dim: initialize all struct fields
522986cc39c1 mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
0729594cb788 netlink: do not reset transport header in netlink_recvmsg()
33ce32587c44 drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
5809a1c53049 ipv4: drop dst in multicast routing path
c9d75e87f45b net: Fix features skip in for_each_netdev_feature()
5c9057670504 mac80211: Reset MBSSID parameters upon connection
cfe74fd41f18 hwmon: (tmp401) Add OF device ID table
3915341a935f batman-adv: Don't skb_split skbuffs with frag_list
90659487578c Linux 5.4.194
2f4e0bf651e3 mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
e4db0c3ce0c5 mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
ea9cad1c5d95 mm: fix missing cache flush for all tail pages of compound page
45c05171d6e3 Bluetooth: Fix the creation of hdev->name
f52c4c067aa5 KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id
c1bdf1e6e706 x86: kprobes: Prohibit probing on instruction which has emulate prefix
6af6427a9600 x86: xen: insn: Decode Xen and KVM emulate-prefix signature
c67a4a91f5e1 x86: xen: kvm: Gather the definition of emulate prefixes
4c39e1ace3dc x86/asm: Allow to pass macros to __ASM_FORM()
29afcd5af012 KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
ea65a7d76c00 arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
5755f946a89f can: grcan: only use the NAPI poll budget for RX
caba5c13a892 can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
76b64c690f03 nfp: bpf: silence bitwise vs. logical OR warning
86ccefb83ede drm/i915: Cast remain to unsigned long in eb_relocate_vma
de542bd76541 drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
e6ff94d31c53 block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
f668da98ad83 MIPS: Use address-of operator on section symbols
01565c91b789 Linux 5.4.193
8a7f92053dc9 mmc: rtsx: add 74 Clocks in power on flow
d789b9891761 PCI: aardvark: Fix reading MSI interrupt number
253bc43ca5b7 PCI: aardvark: Clear all MSIs at setup
786dc86c8434 dm: interlock pending dm_io and dm_wait_for_bios_completion
ad1393b92e50 dm: fix mempool NULL pointer race when completing IO
40bcd39a0093 tcp: make sure treq->af_specific is initialized
9661bf674d6a ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
37b12c16beb6 ALSA: pcm: Fix races among concurrent prealloc proc writes
2a559eec81ac ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
08d1807f097a ALSA: pcm: Fix races among concurrent read/write and buffer changes
fbeb492694ce ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
f098f8b9820f mm: fix unexpected zeroed page mapping with zram swap
c7337efd1d11 block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
9588ac2eddc2 net: ipv6: ensure we call ipv6_mc_down() at most once
367b49086b41 KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
c2fadf2d0ab4 x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
8b78939f4b0b kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
f455c8e657e3 NFSv4: Don't invalidate inode attributes on delegation return
89e7a625ec5c drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
1d14c1c7a3bd net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
2b99ff4c3e3e btrfs: always log symlinks in full mode
dc4784489426 smsc911x: allow using IRQ0
cff6cb162f7a bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
64ece01adb42 selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
52401926c863 net: emaclite: Add error handling for of_address_to_resource()
354cac1e392b net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
0510b6ccfb4f net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
102986592ffd RDMA/siw: Fix a condition race issue in MPA request processing
e6ae21eb948a ASoC: dmaengine: Restore NULL prepare_slave_config() callback
df3ea6cc1af5 hwmon: (adt7470) Fix warning on module removal
01d4363dd717 NFC: netlink: fix sleep in atomic bug when firmware download timeout
33d3e76fc7a7 nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
85aecdef77f9 nfc: replace improper check device_is_registered() in netlink related functions
da9eb43b9a56 can: grcan: use ofdev->dev when allocating DMA memory
8b451b7d7e95 can: grcan: grcan_close(): fix deadlock
8f4246450a95 s390/dasd: Fix read inconsistency for ESE DASD devices
91193a2c2f4f s390/dasd: Fix read for ESE with blksize < 4k
1aa75808edd8 s390/dasd: prevent double format of tracks for ESE devices
061a424dd1c4 s390/dasd: fix data corruption for ESE devices
860db6cdc5be ASoC: meson: Fix event generation for G12A tohdmi mux
d4864e8c4ba8 ASoC: wm8958: Fix change notifications for DSP controls
6723ab2ed8bb ASoC: da7219: Fix change notifications for tone generator frequency
ac5894fb8626 genirq: Synchronize interrupt thread startup
8624e2c5af95 ACPICA: Always create namespace nodes using acpi_ns_create_node()
27183539cfac firewire: core: extend card->lock in fw_core_handle_bus_reset
2fefc6259861 firewire: remove check of list iterator against head past the loop body
34b9b9182911 firewire: fix potential uaf in outbound_phy_packet_callback()
f6b6e9336936 Revert "SUNRPC: attempt AF_LOCAL connect on setup"
d403ff32e566 gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
94842485b4ec ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
73ce49fa59a7 parisc: Merge model and model name into one line in /proc/cpuinfo
0d5bb59858c6 MIPS: Fix CP0 counter erratum detection for R4k CPUs
(From OE-Core rev: 7e056e79a5acce8261cb5124c172cc40ad608b82)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make it possible to disable the database update completely by using
a negative update interval CVE_DB_UPDATE_INTERVAL.
Disabling the update is useful when running multiple parallel builds
when we want to have a control on the database version. This allows
coherent cve-check results without an database update for only
some of the builds.
(From OE-Core rev: 487a53522a739b9a52720c4c40b93f88ad77d242)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b5c2269240327c2a8f93b9e55354698f52c976f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Until now the CVE checker was giving information about CVEs found for
a product (or more products) contained in a recipe. However, there was
no easy way to find out which products or recipes have no CVEs. Having
no reported CVEs might mean there are simply none, but can also mean
a product name (CPE) mismatch.
This patch adds CVE_CHECK_COVERAGE option enabling a new type of
statistics. Then we use the new JSON format to report the information.
The legacy text mode report does not contain it.
This option is expected to help with an identification of recipes with
mismatched CPEs, issues in the database and more.
This work is based on [1], but adding the JSON format makes it easier
to implement, without additional result files.
[1] https://lists.openembedded.org/g/openembedded-core/message/159873
(From OE-Core rev: c63d06becc340270573bdef2630749db1f5230d4)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d1849a1facd64fa0bcf8336a0ed5fbf71b2e3cb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In the cve-check text mode output, we didn't write fragment
files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1),
or no unpached CVEs otherwise.
However, in a system after multiple builds,
cve_check_write_rootfs_manifest might find older files and use
them as current, what leads to incorrect reporting.
Fix it by always writing a fragment file, even if empty.
(From OE-Core rev: 4c10ee956f21ea2f805403704ac3c54b7f1be78c)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f1b7877acd0f6e3626faa57d9f89809cfcdfd0f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Move the function to a library, it could be useful in other places.
(From OE-Core rev: c8a0e7ecee15985f7eed10ce9c86c48a77c5b7c5)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit debd37abcdde8788761ebdb4a05bc61f7394cbb8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix typo to properly whitelist CVE-2021-22945.
(From OE-Core rev: 7b2a1d908d3b63da5e9f072b61dd3c5fa91c7b8f)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patches to address CVE-2022-27774, CVE-2022-27781, and
CVE-2022-27782.
(From OE-Core rev: f8cdafc0ef54ab203164366ad96288fd10144b30)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We have libxml2 2.9.10 and we don't link statically against libxml2 anyway
so the CVE doesn't apply to libxslt.
(From OE-Core rev: c6315d8a2a1429a0fb7563b1d6352ceee7bc222c)
(From OE-Core rev: 9c736c9dcf5f18b8db082a0903be0acb3fbb51c2)
Signed-off-by: Omkar Patil <Omkar.Patil@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad63694e6df4f284879f7220962a821f97928eb0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE: CVE-2021-30560
(From OE-Core rev: 3e01aa47b85ebeba26443fc3293c341b5ef72817)
Signed-off-by: omkar patil <omkar.patil@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Source: https://github.com/PCRE2Project/pcre2
MR: 118031
Type: Security Fix
Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
ChangeID: 8fbc562b3e6b6a3674f435f6527a62afc67ef933
Description:
CVE-2022-1587 pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c.
(From OE-Core rev: 46323b9e0f44f58f6aae242ebf5a0101d8c36654)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Source: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git
MR: 117430
Type: Security Fix
Disposition: Backport from https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76
ChangeID: e6db00c6e8375a2e869fd2e4ead61ca9149eb8fa
Description:
CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem.
(From OE-Core rev: b4f9ba859ed1fe5e1d42258fee1dd2e8e85e7eba)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We are getting an additional ptest failure after fixing the expired certificates.
Backport a patch from upstream to fix this.
(From OE-Core rev: 3af161acc13189cb68549f898f3964d83d00ce56)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ptests in in openssl have started failing as test certificates have
expired. Backport a fix for this from upstream, replacing the test
certificates to allow the ptests to pass again.
(From OE-Core rev: 40858a05989d45b0c772fdec837d3dc95d4df59d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Version 1.1.1 requires additional changes
This reverts commit 4051d1a3aa5f70da96c381f9dea5f52cd9306939.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Ahmed Hossam
Martin Jansa
Muhammad Hamza
Marek Vasut
Alexander Kanavin
Marta Rybczynska
Hitendra Prajapati
Richard Purdie
Joe Slater
Michael Opdenacker
Ross Burton
Dmitry Baryshkov
Nick Potenski
Chee Yang Lee
Jose Quaresma
Rasmus Villemoes
Mingli Yu
Peter Kjellerstedt
Marcel Ziswiler
Stefan Wiehler
Pawan Badganchi
Steve Sakoman
Bruce Ashfield
Robert Joslyn
omkar patil