* [zeus][PATCH 1/9] icu: fix CVE-2020-10531
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 2/9] screen: fix CVE-2020-9366 Anuj Mittal
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-support/icu/icu/CVE-2020-10531.patch | 122 ++++++++++++++++++++++
meta/recipes-support/icu/icu_64.2.bb | 1 +
2 files changed, 123 insertions(+)
create mode 100644 meta/recipes-support/icu/icu/CVE-2020-10531.patch
diff --git a/meta/recipes-support/icu/icu/CVE-2020-10531.patch b/meta/recipes-support/icu/icu/CVE-2020-10531.patch
new file mode 100644
index 0000000..56303fc
--- /dev/null
+++ b/meta/recipes-support/icu/icu/CVE-2020-10531.patch
@@ -0,0 +1,122 @@
+From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001
+From: Frank Tang <ftang@chromium.org>
+Date: Sat, 1 Feb 2020 02:39:04 +0000
+Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append
+
+See #971
+
+Upstream-Status: Backport [https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca]
+CVE: CVE-2020-10531
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ icu4c/source/common/unistr.cpp | 6 ++-
+ icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++
+ icu4c/source/test/intltest/ustrtest.h | 1 +
+ 3 files changed, 68 insertions(+), 1 deletion(-)
+
+diff --git a/icu4c/source/common/unistr.cpp b/icu4c/source/common/unistr.cpp
+index 901bb3358ba..077b4d6ef20 100644
+--- a/icu4c/source/common/unistr.cpp
++++ b/icu4c/source/common/unistr.cpp
+@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng
+ }
+
+ int32_t oldLength = length();
+- int32_t newLength = oldLength + srcLength;
++ int32_t newLength;
++ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) {
++ setToBogus();
++ return *this;
++ }
+
+ // Check for append onto ourself
+ const UChar* oldArray = getArrayStart();
+diff --git a/icu4c/source/test/intltest/ustrtest.cpp b/icu4c/source/test/intltest/ustrtest.cpp
+index b6515ea813c..ad38bdf53a3 100644
+--- a/icu4c/source/test/intltest/ustrtest.cpp
++++ b/icu4c/source/test/intltest/ustrtest.cpp
+@@ -67,6 +67,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* &
+ TESTCASE_AUTO(TestWCharPointers);
+ TESTCASE_AUTO(TestNullPointers);
+ TESTCASE_AUTO(TestUnicodeStringInsertAppendToSelf);
++ TESTCASE_AUTO(TestLargeAppend);
+ TESTCASE_AUTO_END;
+ }
+
+@@ -2310,3 +2311,64 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() {
+ str.insert(2, sub);
+ assertEquals("", u"abbcdcde", str);
+ }
++
++void UnicodeStringTest::TestLargeAppend() {
++ if(quick) return;
++
++ IcuTestErrorCode status(*this, "TestLargeAppend");
++ // Make a large UnicodeString
++ int32_t len = 0xAFFFFFF;
++ UnicodeString str;
++ char16_t *buf = str.getBuffer(len);
++ // A fast way to set buffer to valid Unicode.
++ // 4E4E is a valid unicode character
++ uprv_memset(buf, 0x4e, len * 2);
++ str.releaseBuffer(len);
++ UnicodeString dest;
++ // Append it 16 times
++ // 0xAFFFFFF times 16 is 0xA4FFFFF1,
++ // which is greater than INT32_MAX, which is 0x7FFFFFFF.
++ int64_t total = 0;
++ for (int32_t i = 0; i < 16; i++) {
++ dest.append(str);
++ total += len;
++ if (total <= INT32_MAX) {
++ assertFalse("dest is not bogus", dest.isBogus());
++ } else {
++ assertTrue("dest should be bogus", dest.isBogus());
++ }
++ }
++ dest.remove();
++ total = 0;
++ for (int32_t i = 0; i < 16; i++) {
++ dest.append(str);
++ total += len;
++ if (total + len <= INT32_MAX) {
++ assertFalse("dest is not bogus", dest.isBogus());
++ } else if (total <= INT32_MAX) {
++ // Check that a string of exactly the maximum size works
++ UnicodeString str2;
++ int32_t remain = INT32_MAX - total;
++ char16_t *buf2 = str2.getBuffer(remain);
++ if (buf2 == nullptr) {
++ // if somehow memory allocation fail, return the test
++ return;
++ }
++ uprv_memset(buf2, 0x4e, remain * 2);
++ str2.releaseBuffer(remain);
++ dest.append(str2);
++ total += remain;
++ assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total);
++ assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length());
++ assertFalse("dest is not bogus", dest.isBogus());
++
++ // Check that a string size+1 goes bogus
++ str2.truncate(1);
++ dest.append(str2);
++ total++;
++ assertTrue("dest should be bogus", dest.isBogus());
++ } else {
++ assertTrue("dest should be bogus", dest.isBogus());
++ }
++ }
++}
+diff --git a/icu4c/source/test/intltest/ustrtest.h b/icu4c/source/test/intltest/ustrtest.h
+index 218befdcc68..4a356a92c7a 100644
+--- a/icu4c/source/test/intltest/ustrtest.h
++++ b/icu4c/source/test/intltest/ustrtest.h
+@@ -97,6 +97,7 @@ class UnicodeStringTest: public IntlTest {
+ void TestWCharPointers();
+ void TestNullPointers();
+ void TestUnicodeStringInsertAppendToSelf();
++ void TestLargeAppend();
+ };
+
+ #endif
diff --git a/meta/recipes-support/icu/icu_64.2.bb b/meta/recipes-support/icu/icu_64.2.bb
index 10bac7a..2ed8077 100644
--- a/meta/recipes-support/icu/icu_64.2.bb
+++ b/meta/recipes-support/icu/icu_64.2.bb
@@ -18,6 +18,7 @@ SRC_URI = "${BASE_SRC_URI} \
file://fix-install-manx.patch \
file://0001-Fix-big-endian-build.patch \
file://0001-icu-Added-armeb-support.patch \
+ file://CVE-2020-10531.patch;striplevel=3 \
"
SRC_URI_append_class-target = "\
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread* [zeus][PATCH 2/9] screen: fix CVE-2020-9366
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 1/9] icu: fix CVE-2020-10531 Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 3/9] sanity: check for more bits of Python Anuj Mittal
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../screen/screen/CVE-2020-9366.patch | 48 ++++++++++++++++++++++
meta/recipes-extended/screen/screen_4.6.2.bb | 1 +
2 files changed, 49 insertions(+)
create mode 100644 meta/recipes-extended/screen/screen/CVE-2020-9366.patch
diff --git a/meta/recipes-extended/screen/screen/CVE-2020-9366.patch b/meta/recipes-extended/screen/screen/CVE-2020-9366.patch
new file mode 100644
index 0000000..a52b9e6
--- /dev/null
+++ b/meta/recipes-extended/screen/screen/CVE-2020-9366.patch
@@ -0,0 +1,48 @@
+From 8ce90c1d3d5bece150479d8bc9303fd9d9f45e03 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net>
+Date: Thu, 30 Jan 2020 17:56:27 +0100
+Subject: [PATCH] Fix out of bounds access when setting w_xtermosc after OSC 49
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net>
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+echo -e "\e]49\e; \n\ec"
+crashes screen.
+
+This happens because 49 is divided by 10 and used as table index
+resulting in access to w_xtermosc[4], which is out of bounds with table
+itself being size 4. Increase size of table by 1 to 5, which is enough
+for all current uses.
+
+As this overwrites memory based on user input it is potential security
+issue.
+
+Reported-by: pippin@gimp.org
+Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?h=v.4.8.0&id=68386dfb1fa33471372a8cd2e74686758a2f527b]
+CVE: CVE-2020-9366
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+---
+ window.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/window.h b/window.h
+index bd10dcd..a8afa19 100644
+--- a/window.h
++++ b/window.h
+@@ -237,7 +237,7 @@ struct win
+ char w_vbwait;
+ char w_norefresh; /* dont redisplay when switching to that win */
+ #ifdef RXVT_OSC
+- char w_xtermosc[4][MAXSTR]; /* special xterm/rxvt escapes */
++ char w_xtermosc[5][MAXSTR]; /* special xterm/rxvt escapes */
+ #endif
+ int w_mouse; /* mouse mode 0,9,1000 */
+ #ifdef HAVE_BRAILLE
diff --git a/meta/recipes-extended/screen/screen_4.6.2.bb b/meta/recipes-extended/screen/screen_4.6.2.bb
index 21b476d..d00b849 100644
--- a/meta/recipes-extended/screen/screen_4.6.2.bb
+++ b/meta/recipes-extended/screen/screen_4.6.2.bb
@@ -25,6 +25,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
file://0001-fix-for-multijob-build.patch \
file://0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch \
file://0001-Remove-more-compatibility-stuff.patch \
+ file://CVE-2020-9366.patch \
"
SRC_URI[md5sum] = "a0f529d3333b128dfaa324d978ba73a8"
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread* [zeus][PATCH 3/9] sanity: check for more bits of Python
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 1/9] icu: fix CVE-2020-10531 Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 2/9] screen: fix CVE-2020-9366 Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 4/9] nfs-utils: Disable statx if using glibc emulation Anuj Mittal
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@intel.com>
MJ: icu in master doesn't need distutils anymore, because icu 65.1 currently in
dunfell/master doesn't depend on python3-distutils anymore since:
https://github.com/unicode-org/icu/commit/b4d41b0561b6e8de38b99850ce0e4be8ef536bb1
but the icu-64.2 in zeus and openembedded-core/meta/recipes-core/ovmf/ovmf_git.bb
still need python3-distutils as described in:
http://lists.openembedded.org/pipermail/openembedded-core/2020-March/293984.html
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/classes/sanity.bbclass | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 936fe91..5c2f8f9 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -625,13 +625,14 @@ def check_sanity_version_change(status, d):
# In other words, these tests run once in a given build directory and then
# never again until the sanity version or host distrubution id/version changes.
- # Check the python install is complete. glib-2.0-natives requries
- # xml.parsers.expat
+ # Check the python install is complete. Examples that are often removed in
+ # minimal installations: glib-2.0-natives requries # xml.parsers.expat and icu
+ # requires distutils.sysconfig.
try:
import xml.parsers.expat
- except ImportError:
- status.addresult('Your python is not a full install. Please install the module xml.parsers.expat (python-xml on openSUSE and SUSE Linux).\n')
- import stat
+ import distutils.sysconfig
+ except ImportError as e:
+ status.addresult('Your Python 3 is not a full install. Please install the module %s (see the Getting Started guide for further information).\n' % e.name)
status.addresult(check_make_version(d))
status.addresult(check_patch_version(d))
@@ -667,6 +668,7 @@ def check_sanity_version_change(status, d):
status.addresult('Please use ASSUME_PROVIDED +=, not ASSUME_PROVIDED = in your local.conf\n')
# Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS)
+ import stat
tmpdir = d.getVar('TMPDIR')
status.addresult(check_create_long_filename(tmpdir, "TMPDIR"))
tmpdirmode = os.stat(tmpdir).st_mode
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread* [zeus][PATCH 4/9] nfs-utils: Disable statx if using glibc emulation
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
` (2 preceding siblings ...)
2020-03-26 8:53 ` [zeus][PATCH 3/9] sanity: check for more bits of Python Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 5/9] e2fsprogs: fix CVE-2019-5188 Anuj Mittal
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
From: Julius Hemanth Pitti <jpitti@cisco.com>
nfs-utils 2.4.1, moves from "stat" to "statx
with AT_STATX_DONT_SYNC" in parts of the code.
statx is supported in Linux kernel v4.11 and above.
For all older kernels glibc emulates statx, and it
doesn't support AT_STATX_DONT_SYNC and will return
EINVAL.
When server uses nfs-utils 2.4.1 on kernel v4.10
and older, mount.nfs4 would fail with error
"reason given by server: No such file or directory".
Since Linux v4.4 and v4.9 are LTS, its more likely
that people would use above combination.
This issue has been fixed in nfs-utils 2.4.3 and
above. Backporting fix to 2.4.1.
Signed-off-by: Julius Hemanth Pitti <jpitti@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
...01-Disable-statx-if-using-glibc-emulation.patch | 34 ++++++++++++++++++++++
.../nfs-utils/nfs-utils_2.4.1.bb | 1 +
2 files changed, 35 insertions(+)
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch
new file mode 100644
index 0000000..98b1391
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch
@@ -0,0 +1,34 @@
+From ff3ad88c233ecd87f7983ad13836323f944540ec Mon Sep 17 00:00:00 2001
+From: Doug Nazar <nazard@nazar.ca>
+Date: Mon, 9 Dec 2019 10:53:37 -0500
+Subject: [PATCH] Disable statx if using glibc emulation
+
+On older kernels without statx, glibc with statx support will attempt
+to emulate the call. However it doesn't support AT_STATX_DONT_SYNC and
+will return EINVAL. This causes all xstat/xlstat calls to fail.
+
+Upstream-Status: Backport
+
+Signed-off-by: Doug Nazar <nazard@nazar.ca>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/misc/xstat.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/support/misc/xstat.c b/support/misc/xstat.c
+index 661e29e4..a438fbcc 100644
+--- a/support/misc/xstat.c
++++ b/support/misc/xstat.c
+@@ -51,6 +51,9 @@ statx_do_stat(int fd, const char *pathname, struct stat *statbuf, int flags)
+ statx_copy(statbuf, &stxbuf);
+ return 0;
+ }
++ /* glibc emulation doesn't support AT_STATX_DONT_SYNC */
++ if (errno == EINVAL)
++ errno = ENOSYS;
+ if (errno == ENOSYS)
+ statx_supported = 0;
+ } else
+--
+2.19.1
+
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
index 7e80354..3ae8f96 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
@@ -33,6 +33,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \
file://0001-Fix-include-order-between-config.h-and-stat.h.patch \
+ file://0001-Disable-statx-if-using-glibc-emulation.patch \
"
SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch"
SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch"
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread* [zeus][PATCH 5/9] e2fsprogs: fix CVE-2019-5188
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
` (3 preceding siblings ...)
2020-03-26 8:53 ` [zeus][PATCH 4/9] nfs-utils: Disable statx if using glibc emulation Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 6/9] e2fsprogs: backport upstream patch Anuj Mittal
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
Also see:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948508
(From OE-Core rev: 09bdcef183d885025da6aa87a7c2bf7e8268774e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
...k-don-t-try-to-rehash-a-deleted-directory.patch | 49 +++++++++++++++++++
.../e2fsprogs/e2fsprogs/CVE-2019-5188.patch | 57 ++++++++++++++++++++++
.../recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb | 2 +
3 files changed, 108 insertions(+)
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
new file mode 100644
index 0000000..ba4e3a3
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
@@ -0,0 +1,49 @@
+From 71ba13755337e19c9a826dfc874562a36e1b24d3 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 19 Dec 2019 19:45:06 -0500
+Subject: [PATCH] e2fsck: don't try to rehash a deleted directory
+
+If directory has been deleted in pass1[bcd] processing, then we
+shouldn't try to rehash the directory in pass 3a when we try to
+rehash/reoptimize directories.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba13755337e19c9a826dfc874562a36e1b24d3]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ e2fsck/pass1b.c | 4 ++++
+ e2fsck/rehash.c | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/e2fsck/pass1b.c b/e2fsck/pass1b.c
+index 5693b9cf..bca701ca 100644
+--- a/e2fsck/pass1b.c
++++ b/e2fsck/pass1b.c
+@@ -705,6 +705,10 @@ static void delete_file(e2fsck_t ctx, ext2_ino_t ino,
+ fix_problem(ctx, PR_1B_BLOCK_ITERATE, &pctx);
+ if (ctx->inode_bad_map)
+ ext2fs_unmark_inode_bitmap2(ctx->inode_bad_map, ino);
++ if (ctx->inode_reg_map)
++ ext2fs_unmark_inode_bitmap2(ctx->inode_reg_map, ino);
++ ext2fs_unmark_inode_bitmap2(ctx->inode_dir_map, ino);
++ ext2fs_unmark_inode_bitmap2(ctx->inode_used_map, ino);
+ ext2fs_inode_alloc_stats2(fs, ino, -1, LINUX_S_ISDIR(dp->inode.i_mode));
+ quota_data_sub(ctx->qctx, &dp->inode, ino,
+ pb.dup_blocks * fs->blocksize);
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index 3dd1e941..2c908be0 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -1028,6 +1028,8 @@ void e2fsck_rehash_directories(e2fsck_t ctx)
+ if (!ext2fs_u32_list_iterate(iter, &ino))
+ break;
+ }
++ if (!ext2fs_test_inode_bitmap2(ctx->inode_dir_map, ino))
++ continue;
+
+ pctx.dir = ino;
+ if (first) {
+--
+2.24.1
+
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
new file mode 100644
index 0000000..de4bce0
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
@@ -0,0 +1,57 @@
+From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 19 Dec 2019 19:37:34 -0500
+Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when
+ rehashing
+
+In e2fsck pass 3a, when we are rehashing directories, at least in
+theory, all of the directories should have had corruptions with
+respect to directory entry structure fixed. However, it's possible
+(for example, if the user declined a fix) that we can reach this stage
+of processing with a corrupted directory entries.
+
+So check for that case and don't try to process a corrupted directory
+block so we don't run into trouble in mutate_name() if there is a
+zero-length file name.
+
+Addresses: TALOS-2019-0973
+Addresses: CVE-2019-5188
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+CVE: CVE-2019-5188
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff]
+---
+ e2fsck/rehash.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index a5fc1be1..3dd1e941 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs,
+ dir_offset += rec_len;
+ if (dirent->inode == 0)
+ continue;
++ if ((name_len) == 0) {
++ fd->err = EXT2_ET_DIR_CORRUPTED;
++ return BLOCK_ABORT;
++ }
+ if (!fd->compress && (name_len == 1) &&
+ (dirent->name[0] == '.'))
+ continue;
+@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs,
+ continue;
+ }
+ new_len = ext2fs_dirent_name_len(ent->dir);
++ if (new_len == 0) {
++ /* should never happen */
++ ext2fs_unmark_valid(fs);
++ continue;
++ }
+ memcpy(new_name, ent->dir->name, new_len);
+ mutate_name(new_name, &new_len);
+ for (j=0; j < fd->num_array; j++) {
+--
+2.24.1
+
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
index 14c05a4..2014e68 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
@@ -6,6 +6,8 @@ SRC_URI += "file://remove.ldconfig.call.patch \
file://mkdir_p.patch \
file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \
file://CVE-2019-5094.patch \
+ file://CVE-2019-5188.patch \
+ file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \
"
SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread* [zeus][PATCH 6/9] e2fsprogs: backport upstream patch
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
` (4 preceding siblings ...)
2020-03-26 8:53 ` [zeus][PATCH 5/9] e2fsprogs: fix CVE-2019-5188 Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 7/9] security_flags.inc: fix flags missing from SDK toolchain Anuj Mittal
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
Fixes a bug wherein a use after free could potentially be used to run
malicious code if a user can be tricked into running e2fsck on a
maliciously crafted file system.
Also see:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948517
(From OE-Core rev: 23c1b157362609bd8d85c7d35e6c7f0f60c32c88)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
...fsck-fix-use-after-free-in-calculate_tree.patch | 76 ++++++++++++++++++++++
.../recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb | 1 +
2 files changed, 77 insertions(+)
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch
new file mode 100644
index 0000000..342a2b8
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch
@@ -0,0 +1,76 @@
+From: Wang Shilong <wshilong@ddn.com>
+Date: Mon, 30 Dec 2019 19:52:39 -0500
+Subject: e2fsck: fix use after free in calculate_tree()
+
+The problem is alloc_blocks() will call get_next_block() which might
+reallocate outdir->buf, and memory address could be changed after
+this. To fix this, pointers that point into outdir->buf, such as
+int_limit and root need to be recaulated based on the new starting
+address of outdir->buf.
+
+[ Changed to correctly recalculate int_limit, and to optimize how we
+ reallocate outdir->buf. -TYT ]
+
+Addresses-Debian-Bug: 948517
+Signed-off-by: Wang Shilong <wshilong@ddn.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+(cherry picked from commit 101e73e99ccafa0403fcb27dd7413033b587ca01)
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=101e73e99ccafa0403fcb27dd7413033b587ca01]
+---
+ e2fsck/rehash.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index 0a5888a9..2574e151 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -295,7 +295,11 @@ static errcode_t get_next_block(ext2_filsys fs, struct out_dir *outdir,
+ errcode_t retval;
+
+ if (outdir->num >= outdir->max) {
+- retval = alloc_size_dir(fs, outdir, outdir->max + 50);
++ int increment = outdir->max / 10;
++
++ if (increment < 50)
++ increment = 50;
++ retval = alloc_size_dir(fs, outdir, outdir->max + increment);
+ if (retval)
+ return retval;
+ }
+@@ -637,6 +641,9 @@ static int alloc_blocks(ext2_filsys fs,
+ if (retval)
+ return retval;
+
++ /* outdir->buf might be reallocated */
++ *prev_ent = (struct ext2_dx_entry *) (outdir->buf + *prev_offset);
++
+ *next_ent = set_int_node(fs, block_start);
+ *limit = (struct ext2_dx_countlimit *)(*next_ent);
+ if (next_offset)
+@@ -726,6 +733,9 @@ static errcode_t calculate_tree(ext2_filsys fs,
+ return retval;
+ }
+ if (c3 == 0) {
++ int delta1 = (char *)int_limit - outdir->buf;
++ int delta2 = (char *)root - outdir->buf;
++
+ retval = alloc_blocks(fs, &limit, &int_ent,
+ &dx_ent, &int_offset,
+ NULL, outdir, i, &c2,
+@@ -733,6 +743,11 @@ static errcode_t calculate_tree(ext2_filsys fs,
+ if (retval)
+ return retval;
+
++ /* outdir->buf might be reallocated */
++ int_limit = (struct ext2_dx_countlimit *)
++ (outdir->buf + delta1);
++ root = (struct ext2_dx_entry *)
++ (outdir->buf + delta2);
+ }
+ dx_ent->block = ext2fs_cpu_to_le32(i);
+ if (c3 != limit->limit)
+--
+2.24.1
+
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
index 2014e68..f81defb 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://remove.ldconfig.call.patch \
file://CVE-2019-5094.patch \
file://CVE-2019-5188.patch \
file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \
+ file://e2fsck-fix-use-after-free-in-calculate_tree.patch \
"
SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread* [zeus][PATCH 7/9] security_flags.inc: fix flags missing from SDK toolchain
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
` (5 preceding siblings ...)
2020-03-26 8:53 ` [zeus][PATCH 6/9] e2fsprogs: backport upstream patch Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 8/9] linux-yocto/4.19: update to v4.19.107 Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 9/9] wic/direct: reserve 2 sector for extended partition Anuj Mittal
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
From: Tom Hochstein <tom.hochstein@nxp.com>
The security flags were missing from the SDK toolchain
because they were added specifically to class-target.
Add them to class-cross-canadian as well (since the SDK environment
file is created from cross-canadian target flags).
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Antoine Manache <a.manache@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/conf/distro/include/security_flags.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index aaf04e9..568d036 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -57,6 +57,8 @@ SECURITY_STRINGFORMAT_pn-gcc = ""
TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}"
TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
+TARGET_CC_ARCH_append_class-cross-canadian = " ${SECURITY_CFLAGS}"
+TARGET_LDFLAGS_append_class-cross-canadian = " ${SECURITY_LDFLAGS}"
SECURITY_STACK_PROTECTOR_pn-gcc-runtime = ""
SECURITY_STACK_PROTECTOR_pn-glibc = ""
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread* [zeus][PATCH 8/9] linux-yocto/4.19: update to v4.19.107
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
` (6 preceding siblings ...)
2020-03-26 8:53 ` [zeus][PATCH 7/9] security_flags.inc: fix flags missing from SDK toolchain Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 9/9] wic/direct: reserve 2 sector for extended partition Anuj Mittal
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/4.19 to the latest korg -stable release that comprises
the following commits:
16ae5406361a crypto: CVE-2019-18808
a083db76118d Linux 4.19.107
cfc30449bbc5 Revert "char/random: silence a lockdep splat with printk()"
8541452acba5 s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range
fee87e931cc5 xen: Enable interrupts when calling _cond_resched()
28a73a946a46 ata: ahci: Add shutdown to freeze hardware resources of ahci
43cac315bec1 rxrpc: Fix call RCU cleanup using non-bh-safe locks
acbc5071f073 netfilter: xt_hashlimit: limit the max size of hashtable
5a2972600a2f ALSA: seq: Fix concurrent access to queue current tick/time
b105447809b1 ALSA: seq: Avoid concurrent access to queue flags
63495d1e1c7c ALSA: rawmidi: Avoid bit fields for state flags
bf3043d27755 bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill
3132696dd748 genirq/proc: Reject invalid affinity masks (again)
ba2c07dfa0d8 iommu/vt-d: Fix compile warning from intel-svm.h
c0965be4b28b ecryptfs: replace BUG_ON with error handling code
1bae8f424c84 staging: greybus: use after free in gb_audio_manager_remove_all()
568991c91849 staging: rtl8723bs: fix copy of overlapping memory
f8e6a3412dc6 usb: dwc2: Fix in ISOC request length checking
de8dbb7b02fa usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus
1cad1a6497ec scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session"
c66b2b571211 scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout"
b046c6fec04e Revert "dmaengine: imx-sdma: Fix memory leak"
cd26d53a27d6 Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents
4d886f91ca13 btrfs: do not check delayed items are empty for single transaction cleanup
68b7db197bf8 btrfs: reset fs_root to NULL on error in open_ctree
0ba8e5f347b2 btrfs: fix bytes_may_use underflow in prealloc error condtition
e541982a6e5f KVM: apic: avoid calculating pending eoi from an uninitialized val
267eec2d216d KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1
85dd0eb771e8 KVM: nVMX: Check IO instruction VM-exit conditions
e5c0857bd5cc KVM: nVMX: Refactor IO bitmap checks into helper function
8cf20fb73e73 ext4: fix race between writepages and enabling EXT4_EXTENTS_FL
48fdbe2a818d ext4: rename s_journal_flag_rwsem to s_writepages_rwsem
b7dc081c24db ext4: fix mount failure with quota configured as module
50017cec3dbb ext4: fix potential race between s_flex_groups online resizing and access
7720966a68c8 ext4: fix potential race between s_group_info online resizing and access
cc9948abe47b ext4: fix potential race between online resizing and write operations
38884609b8b5 ext4: add cond_resched() to __ext4_find_entry()
9b6e90918bc0 ext4: fix a data race in EXT4_I(inode)->i_disksize
0e3a6e86d43b drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets
da3418ad747f lib/stackdepot.c: fix global out-of-bounds in stack_slabs
56ad5b4b7405 tty: serial: qcom_geni_serial: Fix RX cancel command failure
e6ebad85883d tty: serial: qcom_geni_serial: Remove xfer_mode variable
4e438733f727 tty: serial: qcom_geni_serial: Remove set_rfr_wm() and related variables
1cc8834773b2 tty: serial: qcom_geni_serial: Remove use of *_relaxed() and mb()
4d1a94fa6d14 tty: serial: qcom_geni_serial: Remove interrupt storm
0a38fd9326fd tty: serial: qcom_geni_serial: Fix UART hang
fe1cfc645845 KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI
ed9e97c35b45 KVM: nVMX: Don't emulate instructions in guest mode
6ca274be314b xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
8300ed5a2175 drm/amdgpu/soc15: fix xclk for raven
837ba4829b9f mm/vmscan.c: don't round up scan size for online memory cgroup
ea2a11561d01 genirq/irqdomain: Make sure all irq domain flags are distinct
576c04cbbef2 nvme-multipath: Fix memory leak with ana_log_buf
e75d2de90b86 mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps()
cf85f00f87db Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"
af4693daff1b MAINTAINERS: Update drm/i915 bug filing URL
c9ca2010202b serdev: ttyport: restore client ops on deregistration
463a3db812d9 tty: serial: imx: setup the correct sg entry for tx dma
6807593e8edc tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode
f4e6d51f3f40 serial: 8250: Check UPF_IRQ_SHARED in advance
f28ec250579c x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF
5e5b443ae6cc x86/mce/amd: Fix kobject lifetime
0a3aca3a0f41 x86/mce/amd: Publish the bank pointer only after setup has succeeded
4512119ac90a jbd2: fix ocfs2 corrupt when clearing block group bits
72e2df70fb52 powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery
e34182fb8a2f staging: rtl8723bs: Fix potential overuse of kernel memory
e4770de3ae41 staging: rtl8723bs: Fix potential security hole
b4eab56d96f1 staging: rtl8188eu: Fix potential overuse of kernel memory
2a50bd9e2a69 staging: rtl8188eu: Fix potential security hole
d59f6a6e35b7 usb: dwc3: gadget: Check for IOC/LST bit in TRB->ctrl fields
c787444891a4 usb: dwc2: Fix SET/CLEAR_FEATURE and GET_STATUS flows
8cfda0c9c966 USB: hub: Fix the broken detection of USB3 device in SMSC hub
37d2eb43b64c USB: hub: Don't record a connect-change event during reset-resume
babaa26b7c1c USB: Fix novation SourceControl XL after suspend
2debc1717cf2 usb: uas: fix a plug & unplug racing
4db4761cfe15 USB: quirks: blacklist duplicate ep on Sound Devices USBPre2
63d176ed148a USB: core: add endpoint-blacklist quirk
d74d5d042d42 usb: host: xhci: update event ring dequeue pointer on purpose
2a2582dc62e9 xhci: Fix memory leak when caching protocol extended capability PSI tables - take 2
7c8cde41a0c3 xhci: fix runtime pm enabling for quirky Intel hosts
dce60e7efa97 xhci: Force Maximum Packet size for Full-speed bulk devices to valid range.
<snip>
c7f81d70d7ae ubifs: Fix default compression selection in ubifs
3331e61b23b1 nvme: fix kernel paging oops
2f99d478ddbd xfs: require both realtime inodes to mount
b2d84967f076 bcache: do not mark writeback_running too early
6f48e23888b9 bcache: do not check if debug dentry is ERR or NULL explicitly on remove
c318f88411a8 rtl818x: fix potential use after free
7cf86c89d7e4 brcmfmac: set SDIO F1 MesBusyCtrl for CYW4373
38b73129c113 brcmfmac: set F2 watermark to 256 for 4373
6138e4b132cd mwifiex: debugfs: correct histogram spacing, formatting
1450ff720076 mwifiex: fix potential NULL dereference and use after free
4912b454e029 arm64: dts: renesas: draak: Fix CVBS input
48d37cc42390 crypto: user - support incremental algorithm dumps
43cd68d7002b s390/zcrypt: make sysfs reset attribute trigger queue reset
5ac0da68eae1 nvme: provide fallback for discard alloc failure
d702d7bc7eb4 scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port
78777dd6174e scsi: qla2xxx: Fix NPIV handling for FC-NVMe
58ab95b03497 scsi: lpfc: Enable Management features for IF_TYPE=6
e772949a3fd6 ACPI / LPSS: Ignore acpi_device_fix_up_power() return value
d411bd858447 ARM: ks8695: fix section mismatch warning
22227437ca68 xfs: zero length symlinks are not valid
4d54a7969524 PM / AVS: SmartReflex: NULL check before some freeing functions is not needed
d2e3e3c3c14b RDMA/vmw_pvrdma: Use atomic memory allocation in create AH
64694b276d74 arm64: preempt: Fix big-endian when checking preempt count in assembly
2ec103458855 RDMA/hns: Fix the bug while use multi-hop of pbl
60da6da4b511 ARM: OMAP1: fix USB configuration for device-only setups
0086d127f90d platform/x86: mlx-platform: Fix LED configuration
08d8ab9615c5 bus: ti-sysc: Check for no-reset and no-idle flags at the child level
4b40393b5240 arm64: smp: Handle errors reported by the firmware
e3d27b94111b arm64: mm: Prevent mismatched 52-bit VA support
57f3359cdabe ARM: dts: Fix hsi gdd range for omap4
9b1f6bde17d6 parisc: Fix HP SDC hpa address output
d18f228f504e parisc: Fix serio address output
72a50a1e1c65 ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication
bf39f5b323eb ARM: dts: imx25: Fix memory node duplication
d2eb50e57a5c ARM: dts: imx27: Fix memory node duplication
54750b6f6671 ARM: dts: imx1: Fix memory node duplication
6aeb6bd0eda6 ARM: dts: imx23: Fix memory node duplication
1694780bd4ca ARM: dts: imx50: Fix memory node duplication
2442b4c0f30a ARM: dts: imx6sl: Fix memory node duplication
bae011f4c9a4 ARM: dts: imx6sx: Fix memory node duplication
0990926c9395 ARM: dts: imx6ul: Fix memory node duplication
e021f0ccc4fa ARM: dts: imx7: Fix memory node duplication
a90469345b26 ARM: dts: imx35: Fix memory node duplication
6bc1e695b4be ARM: dts: imx31: Fix memory node duplication
ca02e14bdd7f ARM: dts: imx53: Fix memory node duplication
5a1e6f95733c ARM: dts: imx51: Fix memory node duplication
8c0c8c2a80b2 ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed
dee3f7703207 tracing: Lock event_mutex before synth_event_mutex
67547b9b4660 ARM: dts: Fix up SQ201 flash access
ee6d2bedb400 scsi: lpfc: Fix dif and first burst use in write commands
20feb7333049 scsi: lpfc: Fix kernel Oops due to null pring pointers
a8c0f6334e56 scsi: target/tcmu: Fix queue_cmd_ring() declaration
480233f89d42 pwm: bcm-iproc: Prevent unloading the driver module while in use
27d22db4ccf1 block: drbd: remove a stray unlock in __drbd_send_protocol()
51a564498cfb mac80211: fix station inactive_time shortly after boot
b707e0da2791 net/fq_impl: Switch to kvmalloc() for memory allocation
a8a61f82cc9f ceph: return -EINVAL if given fsc mount option on kernel w/o support
0f716cda304b net: mscc: ocelot: fix __ocelot_rmw_ix prototype
a30c6e424fdd net: bcmgenet: reapply manual settings to the PHY
acd6a29134f0 net: bcmgenet: use RGMII loopback for MAC reset
ff3f7465ee98 scripts/gdb: fix debugging modules compiled with hot/cold partitioning
22f4892950b2 ASoC: stm32: sai: add restriction on mmap support
3f034e6889e7 watchdog: meson: Fix the wrong value of left time
7302e7b10855 can: mcp251x: mcp251x_restart_work_handler(): Fix potential force_quit race condition
24e10fc2e0db can: flexcan: increase error counters if skb enqueueing via can_rx_offload_queue_sorted() fails
ee7981538293 can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error
5c8f5485614c can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error
eca4b786f3bb can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors
a85ce0107d6b can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM
b83d4e4899d6 can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max
77f94f0d7f52 can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak
66e21b7b9251 can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open
7559e68ca91f can: peak_usb: report bus recovery as well
c5b0bbef4367 bridge: ebtables: don't crash when using dnat target in output chains
2070b33ee987 net: fec: add missed clk_disable_unprepare in remove
28f34294442b clk: ti: clkctrl: Fix failed to enable error with double udelay timeout
cb5a4049608c clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call
1677a0e54937 x86/resctrl: Prevent NULL pointer dereference when reading mondata
8ef58b82d1e4 idr: Fix idr_alloc_u32 on 32-bit systems
88358c7610cc idr: Fix integer overflow in idr_for_each_entry
a6359d5e2d98 powerpc/bpf: Fix tail call implementation
4665759af735 samples/bpf: fix build by setting HAVE_ATTR_TEST to zero
40c3b8fc47b3 ARM: dts: sun8i-a83t-tbs-a711: Fix WiFi resume from suspend
40017db20bfa clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18
49ade064ea4b clk: sunxi: Fix operator precedence in sunxi_divs_clk_setup
15fc2f3c64e7 clk: at91: avoid sleeping early
8885552a061b reset: fix reset_control_ops kerneldoc comment
a94913c0c8cf ARM: dts: imx6qdl-sabreauto: Fix storm of accelerometer interrupts
5b15b1bf5428 pinctrl: cherryview: Allocate IRQ chip dynamic
a0554203bc12 clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume
80e28fa256c9 ASoC: kirkwood: fix device remove ordering
6a7472add344 ASoC: kirkwood: fix external clock probe defer
a2c2cf16b059 clk: samsung: exynos5433: Fix error paths
9a5933aa1242 reset: Fix memory leak in reset_control_array_put()
e8eb6233be9a ASoC: compress: fix unsigned integer overflow check
7971b7fd5623 ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX
daa2c4030510 clocksource/drivers/mediatek: Fix error handling
9c65bb9518ea clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb | 6 +++---
meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb | 8 ++++----
meta/recipes-kernel/linux/linux-yocto_4.19.bb | 20 ++++++++++----------
3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
index b6e0a1e..93c4472 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "2fbf678238302f33b3aec5a2cba829f260744f24"
-SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a"
+SRCREV_machine ?= "40e34fdcb540e35b1a97e8e52c11dfe52bd68b16"
+SRCREV_meta ?= "7cb520d405cd5ca8f21a333941fbc0861bbb36b0"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.19.87"
+LINUX_VERSION ?= "4.19.107"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
index e2626ab..76b2467 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.19.87"
+LINUX_VERSION ?= "4.19.107"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "bd239fb802a15c2759ea456dd1f09f5e106fc88a"
-SRCREV_machine ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656"
-SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a"
+SRCREV_machine_qemuarm ?= "e2c947b59c650f2aa2f0f88d6af90f9dfb336e04"
+SRCREV_machine ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
+SRCREV_meta ?= "7cb520d405cd5ca8f21a333941fbc0861bbb36b0"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
index c6e482a..6e3b00e 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
@@ -11,22 +11,22 @@ KBRANCH_qemux86 ?= "v4.19/standard/base"
KBRANCH_qemux86-64 ?= "v4.19/standard/base"
KBRANCH_qemumips64 ?= "v4.19/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "19fa1657d1d82d01647c6f73a2bbf39305505294"
-SRCREV_machine_qemuarm64 ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656"
-SRCREV_machine_qemumips ?= "8fb7ab96b84852ee3d9e1d9d9e7bc35e1249b653"
-SRCREV_machine_qemuppc ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656"
-SRCREV_machine_qemux86 ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656"
-SRCREV_machine_qemux86-64 ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656"
-SRCREV_machine_qemumips64 ?= "c8a036abd7d469013dddab15a23e0d2dde1d0000"
-SRCREV_machine ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656"
-SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a"
+SRCREV_machine_qemuarm ?= "c8b87f4d12eb957d8a95442a928ef4820037bb55"
+SRCREV_machine_qemuarm64 ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
+SRCREV_machine_qemumips ?= "94f102eaca76ffdcc3d47ea94b47486d7157c531"
+SRCREV_machine_qemuppc ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
+SRCREV_machine_qemux86 ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
+SRCREV_machine_qemux86-64 ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
+SRCREV_machine_qemumips64 ?= "98288b7e79bc8130c2a889d763c9c1aa15ff4939"
+SRCREV_machine ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
+SRCREV_meta ?= "7cb520d405cd5ca8f21a333941fbc0861bbb36b0"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA} \
"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "4.19.87"
+LINUX_VERSION ?= "4.19.107"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread* [zeus][PATCH 9/9] wic/direct: reserve 2 sector for extended partition
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
` (7 preceding siblings ...)
2020-03-26 8:53 ` [zeus][PATCH 8/9] linux-yocto/4.19: update to v4.19.107 Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
From: Chee Yang Lee <chee.yang.lee@intel.com>
extended partition should reserve at least 2 unallocated sectors
between the start of the extended partition and the start of a
logical partition.
[YOCTO #13658]
(From OE-Core rev: 884c8a0e50a49bdca5e048197a9dc0ff37cc8d1a)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 590555e3b8ccbd94b628aa6778adea7f4538d966)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
scripts/lib/wic/plugins/imager/direct.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/lib/wic/plugins/imager/direct.py b/scripts/lib/wic/plugins/imager/direct.py
index 2441cc3..5148df2 100644
--- a/scripts/lib/wic/plugins/imager/direct.py
+++ b/scripts/lib/wic/plugins/imager/direct.py
@@ -403,7 +403,7 @@ class PartitionedImage():
# Reserve a sector for EBR for every logical partition
# before alignment is performed.
if part.type == 'logical':
- self.offset += 1
+ self.offset += 2
align_sectors = 0
if part.align:
@@ -446,7 +446,7 @@ class PartitionedImage():
self.extendedpart = part.num
else:
self.extended_size_sec += align_sectors
- self.extended_size_sec += part.size_sec + 1
+ self.extended_size_sec += part.size_sec + 2
else:
self.primary_part_num += 1
part.num = self.primary_part_num
@@ -512,7 +512,7 @@ class PartitionedImage():
# add a sector at the back, so that there is enough
# room for all logical partitions.
self._create_partition(self.path, "extended",
- None, part.start - 1,
+ None, part.start - 2,
self.extended_size_sec)
if part.fstype == "swap":
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread