| Age | Commit message (Collapse) | Author |
|---|
|
This series of patches fixes deficiencies in GCC's -fstack-protector
implementation for AArch64 when using dynamically allocated stack space.
This is CVE-2023-4039. See:
https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf
for more details.
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
(From OE-Core rev: 8b91c463fb3546836789e1890b3c68acf69c162a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
(From meta-yocto rev: fb227b9ff08a2cf5304348a57f574a6751741bce)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The time and timeout tests are sensitive to system load, and as we run
these on build machines they fail randomly.
[ YOCTO #14371 ]
(From OE-Core rev: d2b62913a5771169265171129fe972c8e252fe04)
(From OE-Core rev: 309f1c6166f8535fa61fd1d01924df3c7fe9fbba)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a84b8d683b4b3f4d30999eac987790896d21eba6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
(From OE-Core rev: a6dde75a3cbd99cb346a8ab8183e96752d005a6b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
(From yocto-docs rev: 628be0aa38ea9fe03cd4843278c201a0c4f6aa44)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
- Update according to changes in SANITY_TESTED_DISTROS
(meta-poky/conf/distro/poky.conf)
- No longer declare as "Supported" the distributions versions
which are End of Life for their vendors, as some of them
(Ubuntu for example) ship updates to subscribers only,
which the Yocto Project has no access to.
- List distribution versions which were previously tested
for the branch of the Yocto Project being considered.
(From yocto-docs rev: ed345f43ed1e5fcceeff5ab77aaa43763f08f598)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
On our slower arm server, the tests currently timeout leading to inconsistent test
results. Increase the timeout to avoid this and aim to make the test results
consistent.
(From OE-Core rev: 76b065b3e802fc7dfa9a370e273b8a4187072623)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9a8b49208f3c99e184eab426360b137bc773aa31)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
We have a suspicion that the read() call may return EAGAIN on the non-blocking
fd and this may truncate test output leading to some of our intermittent failures.
Tweak the code to avoid this potential issue.
(From OE-Core rev: 605d832e86f249100adaf3761b4e1701401d0b76)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a8920c105725431e989cceb616bd04eaa52127ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This provides a more reliable test execution when running tests that
write a large buffer/file and significantly reduces the localedata test
failures.
(From OE-Core rev: 1f35336edf13496432fb68e7e048a5c137fc3e47)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 97a7612e3959bc9c75116a4e696f47cc31aea75d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Allows setting up NFS over TCP as well.
(From OE-Core rev: 148e009374dcbd2101223cf33f2ff69c75895b71)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e1ff9b9a3b7f7924aea67d2024581bea2e916036)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Some of the tests trigger OOM and fail. Increase the amount of memory
available so we dont run into these issues.
(From OE-Core rev: 50b07b4c0c814f2832816cf83863687155429b21)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4d22dba482cb19ffcff5abee73f24526ea9d1c2a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Dont fill up the test log with ssh warning about having added the host
to list of known hosts.
Also helps fix a test case failure where stderr log was being compared
to a known value.
(From OE-Core rev: 781c52bb8f9ffe6aeb456fb0c0d628917641fb22)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 63b31ff7e54a171c4c02fca2e6b07aec64a410af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Due to an oversight in the do_symlink_kernsrc function, the path
comparison between "S" and "STAGING_KERNEL_DIR" is broken. The code
obtains both variables, but modifies the local copy of "S" before
comparing them, causing the comparison to always return false.
This can cause the build to fail when the EXTERNALSRC flag is enabled,
since the code will try to create a symlink even if one already exists.
This patch resolves the issue by comparing the variables before they are
modified.
(From OE-Core rev: 27a982807caa7ffbdf2d4ef02bc0b037150b1b3b)
Signed-off-by: Staffan Rydén <staffan.ryden@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit afd2038ef8a66a5e6433be31a14e1eb0d9f9a1d3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
non-release indexes will continue to generate when test output is
corrupted.
(From OE-Core rev: 31b996c01c72749fc62821a3c9d1da70540bfad6)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1a9157684a6bff8406c9bb470cb2e16ee006bbe9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add in stable updates to glibc 2.38 to fix malloc bugs
(From OE-Core rev: 2850119bce7aa9788ab8b163311d42ea273ca1df)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 39f987fcb20ad7c0e45425b9f508d463c50ce0c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
remove the traling blanks before the ;-delimiter, so one could use
"_remove" to avoid running tasks like 'rootfs_update_timestamp',
which are currently hardcoded and not bound to any
configurable feature flag
(From OE-Core rev: 18246f0bfedb5c729a0fc5b515f25a1ed0cde191)
Signed-off-by: Priyal Doshi <pdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
A DMA-MMIO reentrancy problem may lead to memory corruption bugs
like stack overflow or use-after-free.
Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
Reference:
https://gitlab.com/qemu-project/qemu/-/issues/556
qemu.git$ git log --no-merges --oneline --grep CVE-2023-0330
b987718bbb hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
a2e1753b80 memory: prevent dma-reentracy issues
Included second commit as well as commit log of a2e1753b80 says it
resolves CVE-2023-0330
(From OE-Core rev: 45ce9885351a2344737170e6e810dc67ab3e7ea9)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Upstream-Status: Backport from [https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980]
CVE: CVE-2023-3180
(From OE-Core rev: edbc17315927a711aa9fae7c6cfba61cbf8ab5ad)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
insufficiently trustworthy search path, leading to remote code
execution if an agent is forwarded to an attacker-controlled system.
(Code in /usr/lib is not necessarily safe for loading into ssh-agent.)
NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-38408
Upstream patches:
https://github.com/openssh/openssh-portable/commit/dee22129, https://github.com/openssh/openssh-portable/commit/099cdf59,
https://github.com/openssh/openssh-portable/commit/29ef8a04, https://github.com/openssh/openssh-portable/commit/892506b1,
https://github.com/openssh/openssh-portable/commit/0c111eb8, https://github.com/openssh/openssh-portable/commit/52a03e9f,
https://github.com/openssh/openssh-portable/commit/1fe16fd6, https://github.com/openssh/openssh-portable/commit/e0e8bee8,
https://github.com/openssh/openssh-portable/commit/8afaa7d7, https://github.com/openssh/openssh-portable/commit/1a4b9275,
https://github.com/openssh/openssh-portable/commit/4c1e3ce8, https://github.com/openssh/openssh-portable/commit/1f2731f5.
(From OE-Core rev: 9242b8218858d2bebb3235929fea7e7235cd40f3)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Upstream Patch: https://downloads.isc.org/isc/bind9/9.16.42/patches/0001-CVE-2023-2828.patch
LINK: https://security-tracker.debian.org/tracker/CVE-2023-2828
(From OE-Core rev: 1b9d661a82211d6ffdd56e366cfbc3f3c247fd1c)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The generated file covers all but two of these CVEs (which will be fixed
when [1] and [2] are resolved) so remove the redundant entries.
[1] https://github.com/nluedtke/linux_kernel_cves/issues/344
[2] https://github.com/nluedtke/linux_kernel_cves/issues/345
(From OE-Core rev: c953ccba6c2a334cc58a97eee073bdb51a68f1d3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Run generate-cve-exclusions.py to generate the ignore lists. This file
is maintained separately from the existing manual whitelist entries.
(From OE-Core rev: b63743410e758ba116adb74a483b7c2d2aedf3b3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Instead of manually looking up new CVEs and determining what point
releases the fixes are incorporated into, add a script to generate the
CVE_CHECK_WHITELIST data automatically.
First, note that this is very much an interim solution until the
cve-check class fetches data from www.linuxkernelcves.com directly.
The script should be passed the path to a local clone of the
linuxkernelcves repository[1] and the kernel version number. It will
then write to standard output the CVE_STATUS entries for every known
kernel CVE.
The script should be periodically reran as CVEs are backported and
kernels upgraded frequently.
[1] https://github.com/nluedtke/linux_kernel_cves
Note: for the Dunfell backport this is not a cherry-pick of the commit
in master as the variable names are different. This incorporates the
following commits:
linux/generate-cve-exclusions: add version check warning
linux/generate-cve-exclusions.py: fix comparison
linux-yocto: add script to generate kernel CVE_STATUS entries
(From OE-Core rev: 496c0b8fab5dd87102c3a63656debdb3aa214ae7)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Upstream-commit: https://github.com/golang/go/commit/2300f7ef07718f6be4d8aa8486c7de99836e233f
(From OE-Core rev: 37212694b9a610b1086ef574673dd24095585f4a)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Upstream-commit: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
& https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d
(From OE-Core rev: 57f6d8548e778712eb11507e889f3eadf3732041)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
It fails to boot grub after upgrade grub to 2.06. According to
description in
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14367
it is introduced by a commit to fix CVE. So remove option '-O2' from
CFLAGS rather than revert the commit to avoid the failure.
[YOCTO #14367]
CC: Tony Battersby <tonyb@cybernetics.com>
(From OE-Core rev: 3575290c4cc937ae2f2c5604a5619ac6de9aa071)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 69805629b8f47fd46a37b7c5cc435982e2ac3d1d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
str.format() doesn't use % notation, update the formatting to work.
assertTrue() is a member of self not a global, and assertTrue(True) will
always pass. Change this to just self.fail() as this is the failure case.
(From OE-Core rev: 2be0f2c62fb893f093091cbb30967f32f9d3165b)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 017f3a0b1265c1a3b69c20bdb56bbf446111977e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
native and nativesdk classes are special and must be inherited last :
put them at the end of the gathered classes to inherit.
(From OE-Core rev: cdc671271327ca61e5321b8890921d08ecd8799d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a6614fd800cbe791264aeb102d379ba79bd145c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Uninative 4.2 adds glibc 2.38.
(From OE-Core rev: 35baf2ceb02ca14520a18a1dcd5014c5f7937e30)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c6654fab00a1b4e4bb05eec8b77c8c60e1f8a709)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This version includes fixes to patchelf.
(From OE-Core rev: 600ef23e30c27b4ec0f54c9b03d6386bccd5390f)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1c5c8ff97ba0a7f9adc592d702b865b3d166a24b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
For newest Qualcomm platforms the firmware for the Adreno GPU consists
of two parts: platform-independent SQE/GMU/GPMU/PFP/PM4 and
platform-specific ZAP shader, which is used during the boot process. As
the platform-independent parts can be shared between different
platforms, split the platform-specific part to the separate package.
(From OE-Core rev: 3ae53403b019b699f59c3ab9ba7b822041773dc7)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bf00a042d2fa2eb4b20d8c5982926758821bf990)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
RTL8822 is a serie of wireless modules that need firmwares to function correctly.
The linux firmware recipe does not have a package of these firmwares, and this commit add them.
(From OE-Core rev: f1a4db02831e70782a896b699cc2fa427cbd8e62)
Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6459959beeb91c0b694f5f17b6587a12c6dcb087)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Latest linux-firmware archive inclues firmware for the Dragonboard 410c
device (Qualcomm apq8016 SBC). Follow the rest of linux-firmware-qcom-*
packages as a template and create packages for the new firmware files.
(From OE-Core rev: 0f4582034a41f4abc746bffe5892a8d393a5a8f7)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 380216e8d3b63d563ebfb10445fc6eb5e77eb9f2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
WHENCE checksum changed because of updated version lists and removal of
information for the RTL8188EU driver.
(From OE-Core rev: ecfb64079c7426606263780e04799b811c51fe91)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 986f8ca9d4c2c22d368f69e65b2ab76d661edca0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Changelog:
* Do not call malloc_usable_size
(From OE-Core rev: 143389388bf3a1d9e1407fe5c42fb6bd341a81b8)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5cd967503c0574f45b814572da9503182556b431)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The same patch also fix CVE-2022-4645 CVE-2023-30774
CVE-2022-4645 - https://gitlab.com/libtiff/libtiff/-/issues/277
CVE-2023-30774 - https://gitlab.com/libtiff/libtiff/-/issues/463
(From OE-Core rev: 8a4f312ef3751ecf8b3fe2ac719477c7d9c967d2)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Upstream-Status: Backport from https://sourceware.org/git/?p=elfutils.git;a=commit;h=480b6fa3662ba8ffeee274bf0d37423413c01e55
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-33294
https://sourceware.org/bugzilla/show_bug.cgi?id=27501
(From OE-Core rev: 9cd6fea32edf8e4da0c33547e1df6d1ec81b350d)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
(From OE-Core rev: 71ed22673545fc2bca5ac599416ecb42eb2781f8)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
From the intersection of the list of allowed workers
on https://git.yoctoproject.org/yocto-autobuilder2/tree/config.py
and the active workers on
https://autobuilder.yoctoproject.org/typhoon/#/workers
(From meta-yocto rev: eed6f8cd486d9dee764f20d967f07902288e7c65)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
When including an initramfs bundle inside a FIT image, the fitImage is created
after the install task by do_assemble_fitimage_initramfs.
This happens after the generation of the initramfs bundle
(done by do_bundle_initramfs).
So, at the level of the install task we should not try to install the fitImage.
The fitImage is still not generated yet.
After the generation of the fitImage, the deploy task copies the fitImage from
the build directory to the deploy folder.
Change-Id: I3eaa6bba1412f388f710fa0f389f66631c1c4826
(From OE-Core rev: b70a8333a7467162b9d148b99f5970c0af2a531f)
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1b67fd9ac74935fa41e960478c54e45422339138)
Signed-off-by: Frederic Martinsons <frederic.martinsons@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
If the instance name indicated by %i begins with a number, the meaning of the
replacement string "\\1{}".format(instance) is ambiguous.
To indicate group number 1 regardless of the instance name, use "\g<1>".
(From OE-Core rev: d18b939fb08b37380ce95934da38e6522392621c)
(From OE-Core rev: 682e094e6af67e67873f7f08dd8d52b40fcdbded)
Signed-off-by: Yuta Hayama <hayama@lineo.co.jp>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The following linux-firmware commit moved the mt7601u firmware blob
into a mediatek/ subdirectory, update the path accordingly.
8451c2b1 ("mt76xx: Move the old Mediatek WiFi firmware to mediatek")
(From OE-Core rev: 6fa5c4967a7e70192e9233c92534f27ec3e394c8)
Fixes: 64603f602d ("linux-firmware: upgrade 20230404 -> 20230515")
(From OE-Core rev: 2d56adfd53b0ea3b938c60bf57fd40f3d48b5c68)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
https://www.openssl.org/news/openssl-1.1.1-notes.html
Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023]
* Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
* Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]
* Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
* Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
* Limited the number of nodes created in a policy tree ([CVE-2023-0464])
All CVEs for upgrade to 1.1.1u were already patched, so effectively
this will apply patches for CVE-2023-3446 and CVE-2023-3817 plus
several non-CVE fixes.
Because of mips build changes were backported to openssl 1.1.1 branch,
backport of a patch from kirkstone is necessary.
(From OE-Core rev: be5d49d86553769deaf4754969d2cf6931d6ac34)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Updating to the latest korg -stable release that comprises
the following commits:
887433e4bc93 Linux 5.4.251
1e02fbe4f0ed tracing/histograms: Return an error if we fail to add histogram to hist_vars list
b1062596556e tcp: annotate data-races around fastopenq.max_qlen
21c325d01ecc tcp: annotate data-races around tp->notsent_lowat
7175277b4d0b tcp: annotate data-races around rskq_defer_accept
3121d649e4c6 tcp: annotate data-races around tp->linger2
b1cd5655fc13 net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
8ce44cf35ef6 tcp: annotate data-races around tp->tcp_tx_delay
c822536b3e41 netfilter: nf_tables: can't schedule in nft_chain_validate
caa228792fb5 netfilter: nf_tables: fix spurious set element insertion failure
b8944e53ee70 llc: Don't drop packet from non-root netns.
b07e31824df6 fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
6d39e9fc5934 Revert "tcp: avoid the lookup process failing to get sk in ehash table"
0c0bd9789a8d net:ipv6: check return value of pskb_trim()
17046107ca15 iavf: Fix use-after-free in free_netdev
765e1eaf42de net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
3b6f56021af6 pinctrl: amd: Use amd_pinconf_set() for all config options
951f4e9730f1 fbdev: imxfb: warn about invalid left/right margin
3e03319ab97d spi: bcm63xx: fix max prepend length
c9f56f3c7bc9 igb: Fix igb_down hung on surprise removal
7d80e834625c wifi: iwlwifi: mvm: avoid baid size integer overflow
41d149376078 wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
970c7035f4b0 devlink: report devlink_port_type_warn source device
e09a285ea1e8 bpf: Address KCSAN report on bpf_lru_list
cec1857b1ea5 sched/fair: Don't balance task to its current running CPU
9d8d3df71516 arm64: mm: fix VA-range sanity check
8ad6679a5bb9 posix-timers: Ensure timer ID search-loop limit is valid
d0345f7c7dbc md/raid10: prevent soft lockup while flush writes
09539f9e2076 md: fix data corruption for raid456 when reshape restart while grow up
4181c30a2c55 nbd: Add the maximum limit of allocated index in nbd_dev_add
d4f1cd9b9d66 debugobjects: Recheck debug_objects_enabled before reporting
0afcebcec057 ext4: correct inline offset when handling xattrs in inode body
5d580017bdb9 drm/client: Fix memory leak in drm_client_modeset_probe
52daf6ba2e0d drm/client: Fix memory leak in drm_client_target_cloned
9533dbfac0ff can: bcm: Fix UAF in bcm_proc_show()
5dd838be69e4 selftests: tc: set timeout to 15 minutes
7f83199862c2 fuse: revalidate: don't invalidate if interrupted
ae91ab710d8e btrfs: fix warning when putting transaction with qgroups enabled after abort
e217a3d19e10 perf probe: Add test for regression introduced by switch to die_get_decl_file()
380c7ceabdde drm/atomic: Fix potential use-after-free in nonblocking commits
b7084ebf4f54 scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
3f22f9ddbb29 scsi: qla2xxx: Pointer may be dereferenced
a1c5149a82de scsi: qla2xxx: Correct the index of array
1b7e5bdf2be2 scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
4f90a8b04816 scsi: qla2xxx: Fix potential NULL pointer dereference
d25fded78d88 scsi: qla2xxx: Wait for io return on terminate rport
056fd1820724 tracing/probes: Fix not to count error code to total length
93114cbc7cb1 tracing: Fix null pointer dereference in tracing_err_log_open()
597eb52583d4 xtensa: ISS: fix call to split_if_spec
e84829522fc7 ring-buffer: Fix deadloop issue on reading trace_pipe
481535905608 tracing/histograms: Add histograms to hist_vars if they have referenced variables
46574e5a0a2a tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
30962268fa1a tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
0697a1a592c7 Revert "8250: add support for ASIX devices with a FIFO bug"
45e55e9cac13 meson saradc: fix clock divider mask length
2cdced57bc00 ceph: don't let check_caps skip sending responses for revoke msgs
1883a484c87e hwrng: imx-rngc - fix the timeout for init and self check
e3373e6b6c79 firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool()
826c7bfe5c49 serial: atmel: don't enable IRQs prematurely
15d4bd0f0a6b drm/rockchip: vop: Leave vblank enabled in self-refresh
6bc6ec8b0a0b drm/atomic: Allow vblank-enabled + self-refresh "disable"
f86942709b0e fs: dlm: return positive pid value for F_GETLK
ecfd1f82c4f5 md/raid0: add discard support for the 'original' layout
dac4afa3efae misc: pci_endpoint_test: Re-init completion for every test
dd2210379205 misc: pci_endpoint_test: Free IRQs before removing the device
9cfa4ef25de5 PCI: rockchip: Set address alignment for endpoint mode
35aec6bc0c04 PCI: rockchip: Use u32 variable to access 32-bit registers
13b93891308c PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
c049b20655f6 PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
a1f311d430f2 PCI: rockchip: Write PCI Device ID to correct register
592795119f2b PCI: rockchip: Assert PCI Configuration Enable bit after probe
35c95eda7b6d PCI: qcom: Disable write access to read only registers for IP v2.3.3
b0aac7792525 PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
f450388d8b6d PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
a4855aeb13e4 jfs: jfs_dmap: Validate db_l2nbperpage while mounting
ee2fd448608e ext4: only update i_reserved_data_blocks on successful block allocation
02543d1ddd77 ext4: fix wrong unit use in ext4_mb_clear_bb
96a85becb811 erofs: fix compact 4B support for 16k block size
42725e5c1b18 SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
29a560437f67 misc: fastrpc: Create fastrpc scalar with correct buffer count
b157987242bd powerpc: Fail build if using recordmcount with binutils v2.37
2b59740ebc86 net: bcmgenet: Ensure MDIO unregistration has clocks enabled
1fe96568e78b mtd: rawnand: meson: fix unaligned DMA buffers handling
86b9820395f2 tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
96a16069a81d pinctrl: amd: Only use special debounce behavior for GPIO 0
6dcb493fc478 pinctrl: amd: Detect internal GPIO0 debounce handling
a1a443651569 pinctrl: amd: Fix mistake in handling clearing pins at startup
cf57a0853ba5 net/sched: make psched_mtu() RTNL-less safe
96391959a99e net/sched: flower: Ensure both minimum and maximum ports are specified
166fa538e0dd cls_flower: Add extack support for src and dst port range options
aadca5f08aef wifi: airo: avoid uninitialized warning in airo_get_rate()
cc2c06ca7fbf erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF
b55c38fe2441 platform/x86: wmi: Break possible infinite loop when parsing GUID
cb8a256202b9 platform/x86: wmi: move variables
669c488cb25a platform/x86: wmi: use guid_t and guid_equal()
fd8049d6553f platform/x86: wmi: remove unnecessary argument
4c8e26fc3302 platform/x86: wmi: Fix indentation in some cases
8717326e4362 platform/x86: wmi: Replace UUID redefinitions by their originals
c7eeba470585 ipv6/addrconf: fix a potential refcount underflow for idev
7a06554214fe NTB: ntb_tool: Add check for devm_kcalloc
88e243618e4c NTB: ntb_transport: fix possible memory leak while device_register() fails
b5b9e041eb04 ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
0ae4fac8fe33 NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
bb17520c0383 ntb: idt: Fix error handling in idt_pci_driver_init()
4e64ef41c6cf udp6: fix udp6_ehashfn() typo
61b4c4659746 icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
4c7276a6daf7 ionic: remove WARN_ON to prevent panic_on_warn
3e77647acdcf ionic: ionic_intr_free parameter change
f0dc38bdef52 ionic: move irq request to qcq alloc
7cf21fba1bf8 ionic: clean irq affinity on queue deinit
ef7fc26b6a19 ionic: improve irq numa locality
808211a8d427 net/sched: cls_fw: Fix improper refcount update leads to use-after-free
d98ac5bce2d5 net: mvneta: fix txq_map in case of txq_number==1
58cd168825b4 scsi: qla2xxx: Fix error code in qla2x00_start_sp()
b49b55a7d578 igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings
a45afb07121c igc: Remove delay during TX ring configuration
59c190082a01 drm/panel: simple: Add connector_type for innolux_at043tn24
64b76abfe32d drm/panel: Add and fill drm_panel type field
362940f8e40f drm/panel: Initialise panel dev and funcs through drm_panel_init()
6d5172a3ab8f workqueue: clean up WORK_* constant types, clarify masking
003d33924911 net: lan743x: Don't sleep in atomic context
373b9475ea8c block/partition: fix signedness issue for Amiga partitions
22df19fee7b9 tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
b7d636c924eb netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
61c7a5256543 netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
565bdccdded3 netfilter: nf_tables: fix scheduling-while-atomic splat
7c4610ac3b41 netfilter: nf_tables: unbind non-anonymous set if rule construction fails
90d54ee329d2 netfilter: nf_tables: reject unbound anonymous set before commit phase
1df28fde1270 netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
1adb5c272b20 netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
077ef851f0a3 netfilter: nf_tables: add rescheduling points during loop detection walks
11352851944c netfilter: nf_tables: use net_generic infra for transaction data
d59ed9dc0058 netfilter: add helper function to set up the nfnetlink header and use it
fa498dead9ee netfilter: nftables: add helper function to set the base sequence number
ef35dd70a340 netfilter: nf_tables: fix nat hook table deletion
d1b7fe307c75 block: add overflow checks for Amiga partition support
2b71cbf7ab48 fanotify: disallow mount/sb marks on kernel internal pseudo fs
9a6ce27a5d61 fs: no need to check source
c1c41cda0ab1 ARM: orion5x: fix d2net gpio initialization
679c34821ab7 btrfs: fix race when deleting quota root from the dirty cow roots list
f0fbbd405a94 fs: Lock moved directories
b97ac51f8492 fs: Establish locking order for unrelated directories
d95dc41ad181 Revert "f2fs: fix potential corruption when moving a directory"
a9a926423a63 ext4: Remove ext4 locking of moved directory
eefebf8877d3 fs: avoid empty option when generating legacy mount string
e9a3310bc2fc jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
a249a61ac528 integrity: Fix possible multiple allocation in integrity_inode_get()
0729029e6472 bcache: Remove unnecessary NULL point check in node allocations
4be68f1c7076 mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used.
2f6c76994646 mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
c491e27151c1 mmc: core: disable TRIM on Kingston EMMC04G-M627
ce7278dedab7 NFSD: add encoding of op_recall flag for write delegation
5016511287dc ALSA: jack: Fix mutex call in snd_jack_report()
c64fda48a3ad i2c: xiic: Don't try to handle more interrupt events after error
696e470e910e i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
498962715773 sh: dma: Fix DMA channel offset calculation
58b1b3c54e16 net: dsa: tag_sja1105: fix MAC DA patching from meta frames
67a67e258407 net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
ab0085bd7902 xsk: Honor SO_BINDTODEVICE on bind
9347e432297e xsk: Improve documentation for AF_XDP
e63dc31b9452 tcp: annotate data races in __tcp_oow_rate_limited()
e9c2687988b7 net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
fffa51e786ce powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
45b34500f3ef f2fs: fix error path handling in truncate_dnode()
860d9b717f65 mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
398e6a015877 spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
18d50fb44109 Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
4d8fc6137749 sctp: fix potential deadlock on &net->sctp.addr_wq_lock
999ff7fe492b rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
d5c39cca4d03 pwm: sysfs: Do not apply state to already disabled PWMs
5375c024f8ae pwm: imx-tpm: force 'real_period' to be zero in suspend
d252c74b8b7a mfd: stmpe: Only disable the regulators if they are enabled
d9db18addf42 KVM: s390: vsie: fix the length of APCB bitmap
baec796723b7 mfd: stmfx: Fix error path in stmfx_chip_init
5d26f134efa8 serial: 8250_omap: Use force_suspend and resume for system suspend
337073cacad4 mfd: intel-lpss: Add missing check for platform_get_resource
0a6afc83b028 usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove()
becd09685d44 KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
151b0dd6d1a0 mfd: rt5033: Drop rt5033-battery sub-device
8e8dae8eb230 usb: hide unused usbfs_notify_suspend/resume functions
fe9cdc198619 usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
1531ba3fab51 extcon: Fix kernel doc of property capability fields to avoid warnings
257daec29dcd extcon: Fix kernel doc of property fields to avoid warnings
648a163cff21 usb: dwc3: qcom: Fix potential memory leak
d485150c9a52 media: usb: siano: Fix warning due to null work_func_t function pointer
619e6f9a564a media: videodev2.h: Fix struct v4l2_input tuner index comment
e9586c49bdd4 media: usb: Check az6007_read() return value
fd869bdb5f12 sh: j2: Use ioremap() to translate device tree address into kernel memory
85f4c53849e4 w1: fix loop in w1_fini()
dc88382c1d44 block: change all __u32 annotations to __be32 in affs_hardblocks.h
fa8548d1a0a4 block: fix signed int overflow in Amiga partition support
bec218258cbd usb: dwc3: gadget: Propagate core init errors to UDC during pullup
f55127df9918 USB: serial: option: add LARA-R6 01B PIDs
bac502cd472a hwrng: st - keep clock enabled while hwrng is registered
071560202a52 hwrng: st - Fix W=1 unused variable warning
18fa56ca4cb8 NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION
c182d87c67e2 ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
02dc8e8bdbe4 modpost: fix off by one in is_executable_section()
1030c0c30968 crypto: marvell/cesa - Fix type mismatch warning
ad3c4ecff00b modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
084bf580019c modpost: fix section mismatch message for R_ARM_ABS32
c893658d9ce6 crypto: nx - fix build warnings when DEBUG_FS is not enabled
a43bcb0b661c hwrng: virtio - Fix race on data_avail and actual data
b70315e44f03 hwrng: virtio - always add a pending request
102a354d52ca hwrng: virtio - don't waste entropy
f2a7dfd35f0c hwrng: virtio - don't wait on cleanup
6fe732764a58 hwrng: virtio - add an internal buffer
2cbfb51d2c7e powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary
aa3932eb0739 pinctrl: at91-pio4: check return value of devm_kasprintf()
e297350c33f6 perf dwarf-aux: Fix off-by-one in die_get_varname()
7f822c8036fe pinctrl: cherryview: Return correct value if pin in push-pull mode
1768e362f20f PCI: Add pci_clear_master() stub for non-CONFIG_PCI
5d3955bc32d4 PCI: ftpci100: Release the clock resources
331dce61c0d4 PCI: pciehp: Cancel bringup sequence if card is not present
f58c8563686b scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
666e7f9d60ce PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
961c8370c5f7 scsi: qedf: Fix NULL dereference in error handling
6f64558b43cf ASoC: imx-audmix: check return value of devm_kasprintf()
35455616110b clk: keystone: sci-clk: check return value of kasprintf()
ffe6ad17cf14 clk: cdce925: check return value of kasprintf()
5f13d67027fa ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
801c8341f7af clk: tegra: tegra124-emc: Fix potential memory leak
262db3ff58e2 drm/radeon: fix possible division-by-zero errors
cacc0506e571 drm/amdkfd: Fix potential deallocation of previously deallocated memory.
9e3858f82e3c fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
5541d1856c87 arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
40ac5cb6cbb0 IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
68e0033dee72 soc/fsl/qe: fix usb.c build errors
b756eb5eb9b0 ASoC: es8316: Do not set rate constraints for unsupported MCLKs
d1c1ca27cac0 ASoC: es8316: Increment max value for ALC Capture Target Volume control
b54bac970b54 memory: brcmstb_dpfe: fix testing array offset after use
f54142ed16b5 ARM: ep93xx: fix missing-prototype warnings
c2324c5aa247 drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
4a23954279fc arm64: dts: qcom: msm8916: correct camss unit address
97dcb8dfefaa ARM: dts: gta04: Move model property out of pinctrl node
25bbd1c7bef8 RDMA/bnxt_re: Fix to remove an unnecessary log
ed039ad88ab0 drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks`
87ccaf56097a Input: adxl34x - do not hardcode interrupt trigger type
c7a8cc9140cf ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
c516c00847f5 Input: drv260x - sleep between polling GO bit
3e789aee218b radeon: avoid double free in ci_dpm_init()
bc5b57a23087 netlink: Add __sock_i_ino() for __netlink_diag_dump().
1c405b3d3769 ipvlan: Fix return value of ipvlan_queue_xmit()
1d2ab3d4383e netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
337fdce45063 netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
32deadf89430 lib/ts_bm: reset initial match offset for every block of text
dd6ff3f38627 net: nfc: Fix use-after-free caused by nfc_llcp_find_local
edc5d8776a32 nfc: llcp: simplify llcp_sock_connect() error paths
9c9662e2512b gtp: Fix use-after-free in __gtp_encap_destroy().
08d8ff1bc688 selftests: rtnetlink: remove netdevsim device after ipsec offload test
bd1de6107f10 netlink: do not hard code device address lenth in fdb dumps
8f6652ed2ad9 netlink: fix potential deadlock in netlink_set_err()
88d89b4a3102 wifi: ath9k: convert msecs to jiffies where needed
76d5bda2c3af wifi: cfg80211: rewrite merging of inherited elements
e4c33144fc75 wifi: iwlwifi: pull from TXQs with softirqs disabled
2ba902da9090 rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO
786e264b37d2 wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
68305a19bada memstick r592: make memstick_debug_get_tpc_name() static
6f4454ccbea9 kexec: fix a memory leak in crash_shrink_memory()
4503261ab97b watchdog/perf: more properly prevent false positives with turbo modes
d5fa3918dfce watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
7874fb3bef8b wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
4dc3560561a0 wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
f432198058a6 wifi: ray_cs: Fix an error handling path in ray_probe()
8fe51dce8bdc wifi: ray_cs: Drop useless status variable in parse_addr()
0dec0ad304d4 wifi: ray_cs: Utilize strnlen() in parse_addr()
ee73ad566a29 wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
b7df4e0cb4ed wl3501_cs: use eth_hw_addr_set()
24f34f67be24 net: create netdev->dev_addr assignment helpers
dd5dca10d806 wl3501_cs: Fix misspelling and provide missing documentation
051d70773b9c wl3501_cs: Remove unnecessary NULL check
91c3c9eaf1ed wl3501_cs: Fix a bunch of formatting issues related to function docs
add539f7d16b wifi: atmel: Fix an error handling path in atmel_probe()
5b06f702805d wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
ca4a2955d866 wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
91c3325da240 regulator: core: Streamline debugfs operations
1bb38ef697e4 regulator: core: Fix more error checking for debugfs_create_dir()
6ca0c94f2b02 nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
66a1be74230b nfc: constify several pointers to u8, char and sk_buff
fea2104e752a wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
bc5099512057 spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
f394d204d640 samples/bpf: Fix buffer overflow in tcp_basertt
90e3c1017757 wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
be3989d93be3 wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
717e4277ddf7 ima: Fix build warnings
8430a8e8e854 pstore/ram: Add check for kstrdup
540cdd720772 evm: Complete description of evm_inode_setattr()
568b73406d93 ARM: 9303/1: kprobes: avoid missing-declaration warnings
ba6da16eefb1 powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
c97460ce1f7c PM: domains: fix integer overflow issues in genpd_parse_state()
54cc10a0f4b0 clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
38ca169d66c3 clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
8af3b8d770da tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
7b0c664541cd irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
d244927e350e irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
be481881753b md/raid10: fix io loss while replacement replace rdev
45fa023b3334 md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
31c805a44b75 md/raid10: fix wrong setting of max_corr_read_errors
283f4a63fee3 md/raid10: fix overflow of md/safe_mode_delay
b0b971fe7d61 md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
484104918305 x86/resctrl: Only show tasks' pid in current pid namespace
7206eca1ac44 x86/resctrl: Use is_closid_match() in more places
6f2bb37da468 bgmac: fix *initial* chip reset to support BCM5358
794bfb6fd992 drm/amdgpu: Validate VM ioctl flags.
2a4cfd5b0354 scripts/tags.sh: Resolve gtags empty index generation
fff826d665f9 drm/i915: Initialise outparam for error return from wait_for_register
99036f1aed7e HID: wacom: Use ktime_t rather than int when dealing with timestamps
815c95d82b79 fbdev: imsttfb: Fix use after free bug in imsttfb_probe
a7c8d2f3753d video: imsttfb: check for ioremap() failures
f042d80a631f x86/smp: Use dedicated cache-line for mwait_play_dead()
23f98fe887ce gfs2: Don't deref jdesc in evict
(From OE-Core rev: 9d509daf5fdae6b5dd8a81490ee40ea119a42024)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Updating to the latest korg -stable release that comprises
the following commits:
27745d94abe1 Linux 5.4.250
00363ef30797 x86/cpu/amd: Add a Zenbleed fix
92b292bed627 x86/cpu/amd: Move the errata checking functionality up
4d4112e2845c x86/microcode/AMD: Load late on both threads too
(From OE-Core rev: 55f3f04896f1c301bbc7e18360ac05ff583b7a1d)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Updating to the latest korg -stable release that comprises
the following commits:
b30db4f7e45f Linux 5.4.249
c87439055174 xfs: verify buffer contents when we skip log replay
72ab3d39b443 mm: make wait_on_page_writeback() wait for multiple pending writebacks
9ea42ba3e695 mm: fix VM_BUG_ON(PageTail) and BUG_ON(PageWriteback)
dffd25725e99 i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle
f89bcf03e90c x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
a43c763f9cbe drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
45f574d8dfc1 drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
c81a542e45a0 drm/exynos: vidi: fix a wrong error return
948b8b5fd0f3 ARM: dts: Fix erroneous ADS touchscreen polarities
8d6f9f5f3bfc ASoC: nau8824: Add quirk to active-high jack-detect
d6fd1b3f7648 s390/cio: unregister device when the only path is gone
0de32d3dd39d usb: gadget: udc: fix NULL dereference in remove()
823dd7de8213 nfcsim.c: Fix error checking for debugfs_create_dir
c32b39d0707b media: cec: core: don't set last_initiator if tx in progress
a69a15a1e789 arm64: Add missing Set/Way CMO encodings
99de9a18e646 HID: wacom: Add error check to wacom_parse_and_register()
2af8d9637270 scsi: target: iscsi: Prevent login threads from racing between each other
321a81d26c8d sch_netem: acquire qdisc lock in netem_change()
91274bbe78a2 Revert "net: phy: dp83867: perform soft reset and retain established link"
25c8d38c7560 netfilter: nfnetlink_osf: fix module autoload
476c617e4dd4 netfilter: nf_tables: disallow element updates of bound anonymous sets
d3b110395fea be2net: Extend xmit workaround to BE3 chip
789d5286060f net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch
35373d602bd4 ipvs: align inner_mac_header for encapsulation
ee155675bda8 mmc: usdhi60rol0: fix deferred probing
0bd483fb95ce mmc: sh_mmcif: fix deferred probing
6160d37db171 mmc: sdhci-acpi: fix deferred probing
b25875cf5e3b mmc: omap_hsmmc: fix deferred probing
cbb0118f8aa0 mmc: omap: fix deferred probing
e0d505356973 mmc: mvsdio: fix deferred probing
c2e675509ff8 mmc: mvsdio: convert to devm_platform_ioremap_resource
3ef787d61972 mmc: mtk-sd: fix deferred probing
3c01d64996be net: qca_spi: Avoid high load if QCA7000 is not available
bf7a4fd33669 xfrm: Linearize the skb after offloading if needed.
d0fe8a733fa7 ieee802154: hwsim: Fix possible memory leaks
dfcac203a36a rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
94199d4727f6 x86/mm: Avoid using set_pgd() outside of real PGD pages
be178a5eae0f cifs: Fix potential deadlock when updating vol in cifs_reconnect()
8a5aaa4562a9 cifs: Merge is_path_valid() into get_normalized_path()
339134c15c64 cifs: Introduce helpers for finding TCP connection
cf8c7aa90618 cifs: Get rid of kstrdup_const()'d paths
3fa4c08104c4 cifs: Clean up DFS referral cache
b73539b887a4 nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
1cc7dcfdeb5e writeback: fix dereferencing NULL mapping->host on writeback_page_template
18a0202bec17 ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN
ab530c9bec51 mmc: meson-gx: remove redundant mmc_request_done() call from irq context
88b373d1c5e9 cgroup: Do not corrupt task iteration when rebinding subsystem
c06c568e43e7 PCI: hv: Fix a race condition bug in hv_pci_query_relations()
f02a67690777 Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
966708ed9dd9 nilfs2: fix buffer corruption due to concurrent device reads
a93ae93e9f1b media: dvb-core: Fix use-after-free due to race at dvb_register_device()
225bd8cc9c3f media: dvbdev: fix error logic at dvb_register_device()
5bc971f0435f media: dvbdev: Fix memleak in dvb_register_device
40d7530bc7fd tick/common: Align tick period during sched_timer setup
b9b61fd1f74d x86/purgatory: remove PGO flags
4d02a166cbee tracing: Add tracing_reset_all_online_cpus_unlocked() function
e14e9cc588bd epoll: ep_autoremove_wake_function should use list_del_init_careful
e77e5481d5bf list: add "list_del_init_careful()" to go with "list_empty_careful()"
c32ab1c1959a mm: rewrite wait_on_page_bit_common() logic
559cefc7c25f nilfs2: reject devices with insufficient block count
(From OE-Core rev: c03281719f62d47ff98a4172cc48d875cbde5f2e)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The commit [https://github.com/openembedded/openembedded-core/commit/c22bbe9b45e3]
backports fix for CVE-2023-25193 for version 2.6.4.
The apply() in src/hb-ot-layout-gpos-table.hh ends prematurely.
The if block in apply() has an extra return statement,
which causes it to return w/o executing
buffer->unsafe_to_concat_from_outbuffer() function.
(From OE-Core rev: e3fda60c4131c21cfb3139c56c1771e342d4b9bf)
Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Currently json.loads() accepts one of the types str, bytes, or bytearray
as an argument, but bytes and bytearrays have only been allowed since
python 3.6. The version of Python3 provided by default on Ubuntu 16.04
and Debian 9.x is 3.5, so make raw_data type str to work correctly on
these build hosts.
(From OE-Core rev: 4efdf7a93254056b9ac47de470740ac113b031f2)
Signed-off-by: Yuta Hayama <hayama@lineo.co.jp>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Backport patch from upstream master.
There were three changes needed to apply the patch:
* move NEWS change to start of the file
* change file location from src/ps/ to ps/
* change xmalloc/xcmalloc to malloc/cmalloc
The x*malloc functions were introduced in commit in future version.
https://gitlab.com/procps-ng/procps/-/commit/584028dbe513127ef68c55aa631480454bcc26bf
They call the original function plus additionally throw error when out of memory.
https://gitlab.com/procps-ng/procps/-/blob/v4.0.3/local/xalloc.h?ref_type=tags
So this replacement is correct in context of our version.
(From OE-Core rev: 1632c7223b2f8cd595e1ba20bc006c68fc833295)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
Ross Burton
Steve Sakoman
Ross Burton
Michael Opdenacker
Richard Purdie
Anuj Mittal
Staffan Rydén
Michael Halstead
Priyal Doshi
Vijay Anusuri
Ashish Sharma
Shubham Kulkarni
Kai Kang
Yoann Congal
Dmitry Baryshkov
BELOUARGA Mohamed
Trevor Gamblin
Wang Mingyu
Chee Yang Lee
Abdellatif El Khlifi
Yuta Hayama
Marek Vasut
Peter Marko
Bruce Ashfield
Dhairya Nagodra