All of lore.kernel.org
 help / color / mirror / Atom feed
* [OE-core][dunfell 00/26] Patch review
@ 2021-06-01 14:17 Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 01/26] cups: whitelist CVE-2021-25317 Steve Sakoman
                   ` (25 more replies)
  0 siblings, 26 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:17 UTC (permalink / raw)
  To: openembedded-core

Please review this next set of patches for dunfell and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2205

The following changes since commit ecd636154e7cfc1349a7cfd8026a85eafa219535:

  build-appliance-image: Update to dunfell head revision (2021-05-24 15:19:42 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (4):
  kernel-yocto: provide debug / summary information for metadata
  linux-yocto/5.4: update to v5.4.117
  linux-yocto/5.4: update to v5.4.118
  linux-yocto/5.4: update to v5.4.119

Changqing Li (2):
  unfs3: correct configure option
  pkgconfig: update SRC_URI

Daniel McGregor (2):
  sstate: Ignore sstate signing key
  lib/oe/gpg_sign.py: Fix gpg verification

Guillaume Champagne (1):
  image-live.bbclass: order do_bootimg after do_rootfs

Ming Liu (2):
  kernel-fitimage.bbclass: fix a wrong conditional check
  initramfs-framework:rootfs: fix wrong indentions

Richard Purdie (7):
  cve-extra-exclusions.inc: add exclusion list for intractable CVE's
  cve-extra-exclusions: Fix typos
  cve-extra-exclusions.inc: Clean up merged CPE updates
  glibc: Add 8GB VM usage cap for usermode test suite
  grub: Exclude CVE-2019-14865 from cve-check
  oeqa/runtime/rpm: Drop log message counting test component
  linux-firmware: upgrade 20210315 -> 20210511

Ross Burton (2):
  cups: whitelist CVE-2021-25317
  package_rpm: pass XZ_THREADS to rpm

Sana Kazi (1):
  openssh: Add fixes for CVEs reported for openssh

Steve Sakoman (1):
  expat: set CVE_PRODUCT

Tony Tascioglu (2):
  libxml2: Reformat runtest.patch
  libxml2: Add bash dependency for ptests.

Volker Vogelhuber (1):
  busybox: make busybox's syslog.cfg depend on
    VIRTUAL-RUNTIME_base-utils-syslog

akash hadke (1):
  tiff: Add fix for CVE-2020-35521 and CVE-2020-35522

 meta/classes/image-live.bbclass               |   2 +-
 meta/classes/kernel-fitimage.bbclass          |   2 +-
 meta/classes/kernel-yocto.bbclass             |  17 ++
 meta/classes/package_rpm.bbclass              |   4 +-
 meta/classes/sstate.bbclass                   |   2 +
 .../distro/include/cve-extra-exclusions.inc   |  73 +++++++++
 meta/lib/oe/gpg_sign.py                       |   2 +-
 meta/lib/oeqa/runtime/cases/rpm.py            |   9 --
 meta/recipes-bsp/grub/grub2.inc               |   3 +
 .../openssh/openssh/CVE-2020-14145.patch      |  97 ++++++++++++
 .../openssh/openssh_8.2p1.bb                  |  13 +-
 meta/recipes-core/busybox/busybox_1.31.1.bb   |   2 +-
 meta/recipes-core/expat/expat_2.2.9.bb        |   2 +
 .../glibc/glibc/check-test-wrapper            |   9 ++
 .../initrdscripts/initramfs-framework/rootfs  |   2 +-
 .../recipes-core/libxml/libxml2/runtest.patch |  45 +++---
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |   2 +-
 .../pkgconfig/pkgconfig_git.bb                |   2 +-
 meta/recipes-devtools/unfs3/unfs3_git.bb      |   2 +-
 meta/recipes-extended/cups/cups.inc           |   4 +
 ...20210315.bb => linux-firmware_20210511.bb} |   4 +-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +--
 ...or_CVE-2020-35521_and_CVE-2020-35522.patch | 148 ++++++++++++++++++
 ...or_CVE-2020-35521_and_CVE-2020-35522.patch |  27 ++++
 .../CVE-2020-35521_and_CVE-2020-35522.patch   | 119 ++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   3 +
 28 files changed, 571 insertions(+), 60 deletions(-)
 create mode 100644 meta/conf/distro/include/cve-extra-exclusions.inc
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20210315.bb => linux-firmware_20210511.bb} (99%)
 create mode 100644 meta/recipes-multimedia/libtiff/files/001_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2020-35521_and_CVE-2020-35522.patch

-- 
2.25.1


^ permalink raw reply	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 01/26] cups: whitelist CVE-2021-25317
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
@ 2021-06-01 14:17 ` Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 02/26] tiff: Add fix for CVE-2020-35521 and CVE-2020-35522 Steve Sakoman
                   ` (24 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:17 UTC (permalink / raw)
  To: openembedded-core

From: Ross Burton <ross@burtonini.com>

This CVE relates to bad ownership of /var/log/cups, which we don't have.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0792312f3637ec160d2ef90781a8cb1f75b84940)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/cups/cups.inc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index acad3c98c1..151ef065fe 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -116,3 +116,7 @@ SYSROOT_PREPROCESS_FUNCS += "cups_sysroot_preprocess"
 cups_sysroot_preprocess () {
 	sed -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/cups-config -e 's:cups_datadir=.*:cups_datadir=${datadir}/cups:' -e 's:cups_serverbin=.*:cups_serverbin=${libexecdir}/cups:'
 }
+
+# -25317 concerns /var/log/cups having lp ownership.  Our /var/log/cups is
+# root:root, so this doesn't apply.
+CVE_CHECK_WHITELIST += "CVE-2021-25317"
\ No newline at end of file
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 02/26] tiff: Add fix for CVE-2020-35521 and CVE-2020-35522
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 01/26] cups: whitelist CVE-2021-25317 Steve Sakoman
@ 2021-06-01 14:17 ` Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 03/26] openssh: Add fixes for CVEs reported for openssh Steve Sakoman
                   ` (23 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:17 UTC (permalink / raw)
  To: openembedded-core

From: akash hadke <akash.hadke@kpit.com>

Added fix for CVE-2020-35521 and CVE-2020-35522
Link: https://gitlab.com/libtiff/libtiff/-/commit/b5a935d96b21cda0f434230cdf8ca958cd8b4eef.patch

Added below support patches for CVE-2020-35521 and CVE-2020-35522

1. 001_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch
Link: https://gitlab.com/libtiff/libtiff/-/commit/02875964eba5c4a2ea98c41562835428214adfe7.patch

2. 002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch
Link: https://gitlab.com/libtiff/libtiff/-/commit/ca70b5e702b9f503333344b2d46691de9feae84e.patch

Signed-off-by: akash hadke <akash.hadke@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...or_CVE-2020-35521_and_CVE-2020-35522.patch | 148 ++++++++++++++++++
 ...or_CVE-2020-35521_and_CVE-2020-35522.patch |  27 ++++
 .../CVE-2020-35521_and_CVE-2020-35522.patch   | 119 ++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   3 +
 4 files changed, 297 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/files/001_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2020-35521_and_CVE-2020-35522.patch

diff --git a/meta/recipes-multimedia/libtiff/files/001_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch b/meta/recipes-multimedia/libtiff/files/001_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch
new file mode 100644
index 0000000000..9b4724a325
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/001_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch
@@ -0,0 +1,148 @@
+From 02875964eba5c4a2ea98c41562835428214adfe7 Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Sat, 7 Mar 2020 13:21:56 +0100
+Subject: [PATCH] tiff2rgba: output usage to stdout when using -h
+
+also uses std C EXIT_FAILURE / EXIT_SUCCESS
+see #17
+
+Signed-off-by: akash hadke <akash.hadke@kpit.com>
+---
+ tools/tiff2rgba.c | 39 ++++++++++++++++++++++++---------------
+ 1 file changed, 24 insertions(+), 15 deletions(-)
+---
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/02875964eba5c4a2ea98c41562835428214adfe7.patch]
+---
+diff --git a/tools/tiff2rgba.c b/tools/tiff2rgba.c
+index 2eb6f6c4..ef643653 100644
+--- a/tools/tiff2rgba.c
++++ b/tools/tiff2rgba.c
+@@ -39,6 +39,13 @@
+ #include "tiffiop.h"
+ #include "tiffio.h"
+ 
++#ifndef EXIT_SUCCESS
++#define EXIT_SUCCESS 0
++#endif
++#ifndef EXIT_FAILURE
++#define EXIT_FAILURE 1
++#endif
++
+ #define	streq(a,b)	(strcmp(a,b) == 0)
+ #define	CopyField(tag, v) \
+     if (TIFFGetField(in, tag, &v)) TIFFSetField(out, tag, v)
+@@ -68,7 +75,7 @@ main(int argc, char* argv[])
+ 	extern char *optarg;
+ #endif
+ 
+-	while ((c = getopt(argc, argv, "c:r:t:bn8")) != -1)
++	while ((c = getopt(argc, argv, "c:r:t:bn8h")) != -1)
+ 		switch (c) {
+ 			case 'b':
+ 				process_by_block = 1;
+@@ -86,7 +93,7 @@ main(int argc, char* argv[])
+ 				else if (streq(optarg, "zip"))
+ 					compression = COMPRESSION_DEFLATE;
+ 				else
+-					usage(-1);
++					usage(EXIT_FAILURE);
+ 				break;
+ 
+ 			case 'r':
+@@ -105,17 +112,20 @@ main(int argc, char* argv[])
+ 				bigtiff_output = 1;
+ 				break;
+ 
++			case 'h':
++				usage(EXIT_SUCCESS);
++				/*NOTREACHED*/
+ 			case '?':
+-				usage(0);
++				usage(EXIT_FAILURE);
+ 				/*NOTREACHED*/
+ 		}
+ 
+ 	if (argc - optind < 2)
+-		usage(-1);
++		usage(EXIT_FAILURE);
+ 
+ 	out = TIFFOpen(argv[argc-1], bigtiff_output?"w8":"w");
+ 	if (out == NULL)
+-		return (-2);
++		return (EXIT_FAILURE);
+ 
+ 	for (; optind < argc-1; optind++) {
+ 		in = TIFFOpen(argv[optind], "r");
+@@ -132,7 +142,7 @@ main(int argc, char* argv[])
+ 		}
+ 	}
+ 	(void) TIFFClose(out);
+-	return (0);
++	return (EXIT_SUCCESS);
+ }
+ 
+ static int
+@@ -166,7 +176,7 @@ cvt_by_tile( TIFF *in, TIFF *out )
+     if (tile_width != (rastersize / tile_height) / sizeof( uint32))
+     {
+ 	TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer");
+-	exit(-1);
++	exit(EXIT_FAILURE);
+     }
+     raster = (uint32*)_TIFFmalloc(rastersize);
+     if (raster == 0) {
+@@ -182,7 +192,7 @@ cvt_by_tile( TIFF *in, TIFF *out )
+     if (tile_width != wrk_linesize / sizeof (uint32))
+     {
+         TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer");
+-	exit(-1);
++	exit(EXIT_FAILURE);
+     }
+     wrk_line = (uint32*)_TIFFmalloc(wrk_linesize);
+     if (!wrk_line) {
+@@ -279,7 +289,7 @@ cvt_by_strip( TIFF *in, TIFF *out )
+     if (width != (rastersize / rowsperstrip) / sizeof( uint32))
+     {
+ 	TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer");
+-	exit(-1);
++	exit(EXIT_FAILURE);
+     }
+     raster = (uint32*)_TIFFmalloc(rastersize);
+     if (raster == 0) {
+@@ -295,7 +305,7 @@ cvt_by_strip( TIFF *in, TIFF *out )
+     if (width != wrk_linesize / sizeof (uint32))
+     {
+         TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer");
+-	exit(-1);
++	exit(EXIT_FAILURE);
+     }
+     wrk_line = (uint32*)_TIFFmalloc(wrk_linesize);
+     if (!wrk_line) {
+@@ -528,7 +538,7 @@ tiffcvt(TIFF* in, TIFF* out)
+             return( cvt_whole_image( in, out ) );
+ }
+ 
+-static char* stuff[] = {
++const static char* stuff[] = {
+     "usage: tiff2rgba [-c comp] [-r rows] [-b] [-n] [-8] input... output",
+     "where comp is one of the following compression algorithms:",
+     " jpeg\t\tJPEG encoding",
+@@ -547,13 +557,12 @@ static char* stuff[] = {
+ static void
+ usage(int code)
+ {
+-	char buf[BUFSIZ];
+ 	int i;
++	FILE * out = (code == EXIT_SUCCESS) ? stdout : stderr;
+ 
+-	setbuf(stderr, buf);
+-        fprintf(stderr, "%s\n\n", TIFFGetVersion());
++        fprintf(out, "%s\n\n", TIFFGetVersion());
+ 	for (i = 0; stuff[i] != NULL; i++)
+-		fprintf(stderr, "%s\n", stuff[i]);
++		fprintf(out, "%s\n", stuff[i]);
+ 	exit(code);
+ }
+ 
+-- 
+GitLab
diff --git a/meta/recipes-multimedia/libtiff/files/002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch b/meta/recipes-multimedia/libtiff/files/002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch
new file mode 100644
index 0000000000..b6e1842a54
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch
@@ -0,0 +1,27 @@
+From ca70b5e702b9f503333344b2d46691de9feae84e Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 3 Oct 2020 18:16:27 +0200
+Subject: [PATCH] tiff2rgba.c: fix -Wold-style-declaration warning
+
+Signed-off-by: akash hadke <akash.hadke@kpit.com>
+---
+ tools/tiff2rgba.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+---
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/ca70b5e702b9f503333344b2d46691de9feae84e.patch]
+---
+diff --git a/tools/tiff2rgba.c b/tools/tiff2rgba.c
+index ef643653..fbc383aa 100644
+--- a/tools/tiff2rgba.c
++++ b/tools/tiff2rgba.c
+@@ -538,7 +538,7 @@ tiffcvt(TIFF* in, TIFF* out)
+             return( cvt_whole_image( in, out ) );
+ }
+ 
+-const static char* stuff[] = {
++static const char* stuff[] = {
+     "usage: tiff2rgba [-c comp] [-r rows] [-b] [-n] [-8] input... output",
+     "where comp is one of the following compression algorithms:",
+     " jpeg\t\tJPEG encoding",
+-- 
+GitLab
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2020-35521_and_CVE-2020-35522.patch b/meta/recipes-multimedia/libtiff/files/CVE-2020-35521_and_CVE-2020-35522.patch
new file mode 100644
index 0000000000..129721ff3e
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2020-35521_and_CVE-2020-35522.patch
@@ -0,0 +1,119 @@
+From 98a254f5b92cea22f5436555ff7fceb12afee84d Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Sun, 15 Nov 2020 17:02:51 +0100
+Subject: [PATCH 1/2] enforce (configurable) memory limit in tiff2rgba
+
+fixes #207
+fixes #209
+
+Signed-off-by: akash hadke <akash.hadke@kpit.com>
+---
+ tools/tiff2rgba.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+---
+CVE: CVE-2020-35521
+CVE: CVE-2020-35522
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b5a935d96b21cda0f434230cdf8ca958cd8b4eef.patch]
+---
+diff --git a/tools/tiff2rgba.c b/tools/tiff2rgba.c
+index fbc383aa..764395f6 100644
+--- a/tools/tiff2rgba.c
++++ b/tools/tiff2rgba.c
+@@ -60,6 +60,10 @@ uint32 rowsperstrip = (uint32) -1;
+ int process_by_block = 0; /* default is whole image at once */
+ int no_alpha = 0;
+ int bigtiff_output = 0;
++#define DEFAULT_MAX_MALLOC (256 * 1024 * 1024)
++/* malloc size limit (in bytes)
++ * disabled when set to 0 */
++static tmsize_t maxMalloc = DEFAULT_MAX_MALLOC;
+ 
+ 
+ static int tiffcvt(TIFF* in, TIFF* out);
+@@ -75,8 +79,11 @@ main(int argc, char* argv[])
+ 	extern char *optarg;
+ #endif
+ 
+-	while ((c = getopt(argc, argv, "c:r:t:bn8h")) != -1)
++	while ((c = getopt(argc, argv, "c:r:t:bn8hM:")) != -1)
+ 		switch (c) {
++			case 'M':
++				maxMalloc = (tmsize_t)strtoul(optarg, NULL, 0) << 20;
++				break;
+ 			case 'b':
+ 				process_by_block = 1;
+ 				break;
+@@ -405,6 +412,12 @@ cvt_whole_image( TIFF *in, TIFF *out )
+ 		  (unsigned long)width, (unsigned long)height);
+         return 0;
+     }
++    if (maxMalloc != 0 && (tmsize_t)pixel_count * (tmsize_t)sizeof(uint32) > maxMalloc) {
++	TIFFError(TIFFFileName(in),
++		  "Raster size " TIFF_UINT64_FORMAT " over memory limit (" TIFF_UINT64_FORMAT "), try -b option.",
++		  (uint64)pixel_count * sizeof(uint32), (uint64)maxMalloc);
++        return 0;
++    }
+ 
+     rowsperstrip = TIFFDefaultStripSize(out, rowsperstrip);
+     TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
+@@ -530,6 +543,13 @@ tiffcvt(TIFF* in, TIFF* out)
+ 	TIFFSetField(out, TIFFTAG_SOFTWARE, TIFFGetVersion());
+ 	CopyField(TIFFTAG_DOCUMENTNAME, stringv);
+ 
++	if (maxMalloc != 0 && TIFFStripSize(in) > maxMalloc)
++	{
++		TIFFError(TIFFFileName(in),
++			  "Strip Size " TIFF_UINT64_FORMAT " over memory limit (" TIFF_UINT64_FORMAT ")",
++			  (uint64)TIFFStripSize(in), (uint64)maxMalloc);
++		return 0;
++	}
+         if( process_by_block && TIFFIsTiled( in ) )
+             return( cvt_by_tile( in, out ) );
+         else if( process_by_block )
+@@ -539,7 +559,7 @@ tiffcvt(TIFF* in, TIFF* out)
+ }
+ 
+ static const char* stuff[] = {
+-    "usage: tiff2rgba [-c comp] [-r rows] [-b] [-n] [-8] input... output",
++    "usage: tiff2rgba [-c comp] [-r rows] [-b] [-n] [-8] [-M size] input... output",
+     "where comp is one of the following compression algorithms:",
+     " jpeg\t\tJPEG encoding",
+     " zip\t\tZip/Deflate encoding",
+@@ -551,6 +571,7 @@ static const char* stuff[] = {
+     " -b (progress by block rather than as a whole image)",
+     " -n don't emit alpha component.",
+     " -8 write BigTIFF file instead of ClassicTIFF",
++    " -M set the memory allocation limit in MiB. 0 to disable limit",
+     NULL
+ };
+ 
+-- 
+GitLab
+
+
+From e9e504193ef1f87e9cb5e986586b0cbe3254e421 Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Sun, 15 Nov 2020 17:08:42 +0100
+Subject: [PATCH 2/2] tiff2rgba.1: -M option
+
+---
+ man/tiff2rgba.1 | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/man/tiff2rgba.1 b/man/tiff2rgba.1
+index d9c9baae..fe9ebb2c 100644
+--- a/man/tiff2rgba.1
++++ b/man/tiff2rgba.1
+@@ -87,6 +87,10 @@ Drop the alpha component from the output file, producing a pure RGB file.
+ Currently this does not work if the
+ .B \-b
+ flag is also in effect.
++.TP
++.BI \-M " size"
++Set maximum memory allocation size (in MiB). The default is 256MiB.
++Set to 0 to disable the limit.
+ .SH "SEE ALSO"
+ .BR tiff2bw (1),
+ .BR TIFFReadRGBAImage (3t),
+-- 
+GitLab
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
index cfea18ed29..43f210111d 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -12,6 +12,9 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://CVE-2020-35523.patch  \
            file://CVE-2020-35524-1.patch \
            file://CVE-2020-35524-2.patch \
+           file://001_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch \
+           file://002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch \
+           file://CVE-2020-35521_and_CVE-2020-35522.patch \
           "
 SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
 SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 03/26] openssh: Add fixes for CVEs reported for openssh
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 01/26] cups: whitelist CVE-2021-25317 Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 02/26] tiff: Add fix for CVE-2020-35521 and CVE-2020-35522 Steve Sakoman
@ 2021-06-01 14:17 ` Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 04/26] expat: set CVE_PRODUCT Steve Sakoman
                   ` (22 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:17 UTC (permalink / raw)
  To: openembedded-core

From: Sana Kazi <Sana.Kazi@kpit.com>

Applied patch for CVE-2020-14145
Link: https://anongit.mindrot.org/openssh.git/patch/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d

Also, whitelisted below CVEs:

1.CVE-2020-15778:
As per upstream, because of the way scp is based on a historical
protocol called rcp which relies on that style of argument passing
and therefore encounters expansion problems. Making changes to how
the scp command line works breaks the pattern used by scp consumers.
Upstream therefore recommends the use of rsync in the place of
scp for better security. https://bugzilla.redhat.com/show_bug.cgi?id=1860487

2.CVE-2008-3844: It was reported in OpenSSH on Red Hat Enterprise Linux
and certain packages may have been compromised. This CVE is not
applicable as our source is OpenBSD.
Links:
https://securitytracker.com/id?1020730
https://www.securityfocus.com/bid/30794

Also, for CVE-2007-2768 no fix is available yet as it's unavoidable
drawback of using one time passwords as per
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2007-2768
Also it is marked as unimportant on debian
https://security-tracker.debian.org/tracker/CVE-2007-2768

Mailed to CPE to update database for CVE-2020-15778, CVE-2008-3844
and CVE-2007-2768. We can upstream CVE-2020-14145 till we recieve
response from CPE.

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Nisha Parrakat <nishaparrakat@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../openssh/openssh/CVE-2020-14145.patch      | 97 +++++++++++++++++++
 .../openssh/openssh_8.2p1.bb                  | 13 ++-
 2 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
new file mode 100644
index 0000000000..3adb981fb4
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
@@ -0,0 +1,97 @@
+From b3855ff053f5078ec3d3c653cdaedefaa5fc362d Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 18 Sep 2020 05:23:03 +0000
+Subject: upstream: tweak the client hostkey preference ordering algorithm to
+
+prefer the default ordering if the user has a key that matches the
+best-preference default algorithm.
+
+feedback and ok markus@
+
+OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f
+
+Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
+---
+ sshconnect2.c | 41 ++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 38 insertions(+), 3 deletions(-)
+
+CVE: CVE-2020-14145
+Upstream-Status: Backport [https://anongit.mindrot.org/openssh.git/patch/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d]
+Comment: Refreshed first hunk
+
+diff --git a/sshconnect2.c b/sshconnect2.c
+index 347e348c..f64aae66 100644
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: sshconnect2.c,v 1.320 2020/02/06 22:48:23 djm Exp $ */
++/* $OpenBSD: sshconnect2.c,v 1.326 2020/09/18 05:23:03 djm Exp $ */
+ /*
+  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+  * Copyright (c) 2008 Damien Miller.  All rights reserved.
+@@ -102,12 +102,25 @@ verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
+ 	return 0;
+ }
+ 
++/* Returns the first item from a comma-separated algorithm list */
++static char *
++first_alg(const char *algs)
++{
++	char *ret, *cp;
++
++	ret = xstrdup(algs);
++	if ((cp = strchr(ret, ',')) != NULL)
++		*cp = '\0';
++	return ret;
++}
++
+ static char *
+ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
+ {
+-	char *oavail, *avail, *first, *last, *alg, *hostname, *ret;
++	char *oavail = NULL, *avail = NULL, *first = NULL, *last = NULL;
++	char *alg = NULL, *hostname = NULL, *ret = NULL, *best = NULL;
+ 	size_t maxlen;
+-	struct hostkeys *hostkeys;
++	struct hostkeys *hostkeys = NULL;
+ 	int ktype;
+ 	u_int i;
+ 
+@@ -119,6 +132,26 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
+ 	for (i = 0; i < options.num_system_hostfiles; i++)
+ 		load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
+ 
++	/*
++	 * If a plain public key exists that matches the type of the best
++	 * preference HostkeyAlgorithms, then use the whole list as is.
++	 * Note that we ignore whether the best preference algorithm is a
++	 * certificate type, as sshconnect.c will downgrade certs to
++	 * plain keys if necessary.
++	 */
++	best = first_alg(options.hostkeyalgorithms);
++	if (lookup_key_in_hostkeys_by_type(hostkeys,
++	    sshkey_type_plain(sshkey_type_from_name(best)), NULL)) {
++		debug3("%s: have matching best-preference key type %s, "
++		    "using HostkeyAlgorithms verbatim", __func__, best);
++		ret = xstrdup(options.hostkeyalgorithms);
++		goto out;
++	}
++
++	/*
++	 * Otherwise, prefer the host key algorithms that match known keys
++	 * while keeping the ordering of HostkeyAlgorithms as much as possible.
++	 */
+ 	oavail = avail = xstrdup(options.hostkeyalgorithms);
+ 	maxlen = strlen(avail) + 1;
+ 	first = xmalloc(maxlen);
+@@ -159,6 +192,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
+ 	if (*first != '\0')
+ 		debug3("%s: prefer hostkeyalgs: %s", __func__, first);
+ 
++ out:
++	free(best);
+ 	free(first);
+ 	free(last);
+ 	free(hostname);
+-- 
+cgit v1.2.3
diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
index 6ed54a8139..64a0a72a8f 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
            file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
+           file://CVE-2020-14145.patch \
            "
 SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091"
 SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671"
@@ -35,7 +36,17 @@ CVE_CHECK_WHITELIST += "CVE-2007-2768"
 # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
 CVE_CHECK_WHITELIST += "CVE-2014-9278"
 
-# CVE only applies to some distributed RHEL binaries
+# As per upstream, because of the way scp is based on a historical protocol called rcp
+# which relies on that style of argument passing and therefore encounters expansion
+# problems. Making changes to how the scp command line works breaks the pattern used
+# by scp consumers. Upstream therefore recommends the use of rsync in the place of
+# scp for better security. https://bugzilla.redhat.com/show_bug.cgi?id=1860487
+CVE_CHECK_WHITELIST += "CVE-2020-15778"
+
+# CVE-2008-3844 was reported in OpenSSH on Red Hat Enterprise Linux and
+# certain packages may have been compromised. This CVE is not applicable
+# as our source is OpenBSD. https://securitytracker.com/id?1020730
+# https://www.securityfocus.com/bid/30794
 CVE_CHECK_WHITELIST += "CVE-2008-3844"
 
 PAM_SRC_URI = "file://sshd"
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 04/26] expat: set CVE_PRODUCT
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (2 preceding siblings ...)
  2021-06-01 14:17 ` [OE-core][dunfell 03/26] openssh: Add fixes for CVEs reported for openssh Steve Sakoman
@ 2021-06-01 14:17 ` Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 05/26] cve-extra-exclusions.inc: add exclusion list for intractable CVE's Steve Sakoman
                   ` (21 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:17 UTC (permalink / raw)
  To: openembedded-core

Upstream database uses both "expat" and "libexpat" to report CVEs

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 706bdcaec5fd7c59d7877bbefa5ed4ce5b4f3da1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/expat/expat_2.2.9.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb
index 8f3db41352..174bf4be1f 100644
--- a/meta/recipes-core/expat/expat_2.2.9.bb
+++ b/meta/recipes-core/expat/expat_2.2.9.bb
@@ -20,3 +20,5 @@ do_configure_prepend () {
 }
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT = "expat libexpat"
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 05/26] cve-extra-exclusions.inc: add exclusion list for intractable CVE's
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (3 preceding siblings ...)
  2021-06-01 14:17 ` [OE-core][dunfell 04/26] expat: set CVE_PRODUCT Steve Sakoman
@ 2021-06-01 14:17 ` Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 06/26] cve-extra-exclusions: Fix typos Steve Sakoman
                   ` (20 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:17 UTC (permalink / raw)
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The preferred methods for CVE resolution are:

1. Version upgrades where possible
2. Patches where not possible
3. Database updates where version info is incorrect
4. Exclusion from checking where it is determined that the CVE
   does not apply to our environment

In some cases none of these methods are possible. For example the
CVE may be decades old with no apparent resolution, and with broken
links that make further research impractical. Some CVEs are vauge
with no specific action the project can take too.

This patch creates a mechanism for users to remove this type of
CVE from the cve-check results via an optional include file.

Based on an initial patch from Steve Sakoman <steve@sakoman.com>
but extended heavily by RP.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cf282ae03db3f09df42dcd110d7086c2d854642c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../distro/include/cve-extra-exclusions.inc   | 88 +++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100644 meta/conf/distro/include/cve-extra-exclusions.inc

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
new file mode 100644
index 0000000000..565c8e04cc
--- /dev/null
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -0,0 +1,88 @@
+# This file contains a list of CVE's where resolution has proven to be impractical
+# or there is no reasonable action the Yocto Project can take to resovle the issue.
+# It contains all the information we are aware of about an issue and analysis about
+# why we believe it can't be fixed/handled. Additional information is welcome through
+# patches to the file.
+#
+# Include this file in your local.conf or distro.conf to exclude these CVE's
+# from the cve-check results or add to the bitbake command with:
+#     -R meta/conf/distro/include/cve-extra-exclusions.inc
+#
+# The file is not included by default since users should review this data to ensure
+# it matches their expectations and ussage of the project.
+#
+# Wemay also include "in-flight" information about current/ongoing CVE work with
+# the aim of sharing that work and ensuring we don't duplicate it.
+#
+
+
+# strace https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0006
+# CVE is more than 20 years old with no resolution evident
+# broken links in CVE database references make resolution impractical
+CVE_CHECK_WHITELIST += "CVE-2000-0006"
+
+# epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0238
+# The issue here is spoofing of domain names using characters from other character sets.
+# There has been much discussion amongst the epiphany and webkit developers and
+# whilst there are improvements about how domains are handled and displayed to the user
+# there is unlikely ever to be a single fix to webkit or epiphany which addresses this
+# problem. Whitelisted as there isn't any mitigation or fix or way to progress this further
+# we can seem to take.
+CVE_CHECK_WHITELIST += "CVE-2005-0238"
+
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4756
+# Issue is memory exhaustion via glob() calls, e.g. from within an ftp server
+# Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681
+# Upstream don't see it as a security issue, ftp servers shouldn't be passing
+# this to libc glob. Exclude as upstream have no plans to add BSD's GLOB_LIMIT or similar
+CVE_CHECK_WHITELIST += "CVE-2010-4756"
+
+# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29509
+# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29511
+# The encoding/xml package in go can potentially be used for security exploits if not used correctly
+# CVE applies to a netapp product as well as flagging a general issue. We don't ship anything
+# exposing this interface in an exploitable way
+CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511"
+
+
+
+#### CPE update pending ####
+
+# groff:groff-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0803
+# Appears it was fixed in https://git.savannah.gnu.org/cgit/groff.git/commit/?id=07f95f1674217275ed4612f1dcaa95a88435c6a7
+# so from 1.17 onwards. Reported to the database for update by RP 2021/5/9. Update accepted 2021/5/10.
+#CVE_CHECK_WHITELIST += "CVE-2000-0803"
+
+# grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14865
+# Looks like grub-set-bootflag is patched in by Fedora/RHEL:
+# https://src.fedoraproject.org/rpms/grub2/blob/498ea7003b4dd8079fc075fad7e19e0b190d0f97/f/0133-Add-grub-set-bootflag-utility.patch
+# Does not exist in upstream grub2:
+# https://git.savannah.gnu.org/cgit/grub.git/tree/util
+# Reported to the database for update by RP 2021/5/9 Update accepted 2021/5/12
+#CVE_CHECK_WHITELIST += "CVE-2019-14865"
+
+# tar https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4476 *
+# https://bugzilla.redhat.com/show_bug.cgi?id=280961 - issue affects paxutils included in tar
+# http://cvs.savannah.gnu.org/viewvc/paxutils/paxutils/paxlib/names.c?r1=1.2&r2=1.4 was the fix
+# included in tar 1.19 and later
+# CPE update sent, may or may not exclude for us
+#CVE_CHECK_WHITELIST += "CVE-2007-4476"
+
+
+
+#### Upstream still working on ####
+
+# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255
+# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
+# however qemu maintainers are sure the patch is incorrect and should not be applied.
+
+# flex:flex-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6293
+# Upstream bug, still open: https://github.com/westes/flex/issues/414
+# Causes memory exhaustion so potential DoS but no buffer overflow, low priority
+
+# wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879
+# https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
+# No response upstream as of 2021/5/12
+
+
+
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 06/26] cve-extra-exclusions: Fix typos
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (4 preceding siblings ...)
  2021-06-01 14:17 ` [OE-core][dunfell 05/26] cve-extra-exclusions.inc: add exclusion list for intractable CVE's Steve Sakoman
@ 2021-06-01 14:17 ` Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 07/26] cve-extra-exclusions.inc: Clean up merged CPE updates Steve Sakoman
                   ` (19 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:17 UTC (permalink / raw)
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d4d4644e7c127e8b88b180635124e8afc905c69e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/distro/include/cve-extra-exclusions.inc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index 565c8e04cc..b2816c3dd5 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -1,17 +1,17 @@
 # This file contains a list of CVE's where resolution has proven to be impractical
-# or there is no reasonable action the Yocto Project can take to resovle the issue.
+# or there is no reasonable action the Yocto Project can take to resolve the issue.
 # It contains all the information we are aware of about an issue and analysis about
 # why we believe it can't be fixed/handled. Additional information is welcome through
 # patches to the file.
 #
 # Include this file in your local.conf or distro.conf to exclude these CVE's
 # from the cve-check results or add to the bitbake command with:
-#     -R meta/conf/distro/include/cve-extra-exclusions.inc
+#     -R conf/distro/include/cve-extra-exclusions.inc
 #
 # The file is not included by default since users should review this data to ensure
-# it matches their expectations and ussage of the project.
+# it matches their expectations and usage of the project.
 #
-# Wemay also include "in-flight" information about current/ongoing CVE work with
+# We may also include "in-flight" information about current/ongoing CVE work with
 # the aim of sharing that work and ensuring we don't duplicate it.
 #
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 07/26] cve-extra-exclusions.inc: Clean up merged CPE updates
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (5 preceding siblings ...)
  2021-06-01 14:17 ` [OE-core][dunfell 06/26] cve-extra-exclusions: Fix typos Steve Sakoman
@ 2021-06-01 14:17 ` Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 08/26] busybox: make busybox's syslog.cfg depend on VIRTUAL-RUNTIME_base-utils-syslog Steve Sakoman
                   ` (18 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:17 UTC (permalink / raw)
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d2ba6d58e77430cceeca9db61fdb06882a92e1e7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/distro/include/cve-extra-exclusions.inc | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index b2816c3dd5..cf07acce1d 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -53,21 +53,6 @@ CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511"
 # so from 1.17 onwards. Reported to the database for update by RP 2021/5/9. Update accepted 2021/5/10.
 #CVE_CHECK_WHITELIST += "CVE-2000-0803"
 
-# grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14865
-# Looks like grub-set-bootflag is patched in by Fedora/RHEL:
-# https://src.fedoraproject.org/rpms/grub2/blob/498ea7003b4dd8079fc075fad7e19e0b190d0f97/f/0133-Add-grub-set-bootflag-utility.patch
-# Does not exist in upstream grub2:
-# https://git.savannah.gnu.org/cgit/grub.git/tree/util
-# Reported to the database for update by RP 2021/5/9 Update accepted 2021/5/12
-#CVE_CHECK_WHITELIST += "CVE-2019-14865"
-
-# tar https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4476 *
-# https://bugzilla.redhat.com/show_bug.cgi?id=280961 - issue affects paxutils included in tar
-# http://cvs.savannah.gnu.org/viewvc/paxutils/paxutils/paxlib/names.c?r1=1.2&r2=1.4 was the fix
-# included in tar 1.19 and later
-# CPE update sent, may or may not exclude for us
-#CVE_CHECK_WHITELIST += "CVE-2007-4476"
-
 
 
 #### Upstream still working on ####
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 08/26] busybox: make busybox's syslog.cfg depend on VIRTUAL-RUNTIME_base-utils-syslog
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (6 preceding siblings ...)
  2021-06-01 14:17 ` [OE-core][dunfell 07/26] cve-extra-exclusions.inc: Clean up merged CPE updates Steve Sakoman
@ 2021-06-01 14:17 ` Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 09/26] kernel-yocto: provide debug / summary information for metadata Steve Sakoman
                   ` (17 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:17 UTC (permalink / raw)
  To: openembedded-core

From: Volker Vogelhuber <v.vogelhuber@digitalendoscopy.de>

syslog.cfg is added to the list of sources for busybox
independent of the VIRTUAL-RUNTIME_base-utils-syslog variable. So even
if VIRTUAL-RUNTIME_base-utils-syslog being set e.g. to empty, syslogd will
be enabled. So only include syslog.cfg in SRC_URI if
VIRTUAL-RUNTIME_base-utils-syslog is set to busybox-syslog.

Signed-off-by: Volker Vogelhuber <v.vogelhuber@digitalendoscopy.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/busybox/busybox_1.31.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/busybox/busybox_1.31.1.bb b/meta/recipes-core/busybox/busybox_1.31.1.bb
index 7563368287..93a1613df2 100644
--- a/meta/recipes-core/busybox/busybox_1.31.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.31.1.bb
@@ -34,7 +34,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://resize.cfg \
            ${@["", "file://init.cfg"][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'busybox')]} \
            ${@["", "file://mdev.cfg"][(d.getVar('VIRTUAL-RUNTIME_dev_manager') == 'busybox-mdev')]} \
-           file://syslog.cfg \
+           ${@["", "file://syslog.cfg"][(d.getVar('VIRTUAL-RUNTIME_base-utils-syslog') == 'busybox-syslog')]} \
            file://unicode.cfg \
            file://rcS \
            file://rcK \
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 09/26] kernel-yocto: provide debug / summary information for metadata
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (7 preceding siblings ...)
  2021-06-01 14:17 ` [OE-core][dunfell 08/26] busybox: make busybox's syslog.cfg depend on VIRTUAL-RUNTIME_base-utils-syslog Steve Sakoman
@ 2021-06-01 14:17 ` Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 10/26] linux-yocto/5.4: update to v5.4.117 Steve Sakoman
                   ` (16 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:17 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

It was mentioned that when developing a BSP, the information about what
definition was used, or what fragments have been applied is not obvious
and requires looking at the code.

With this change, we can trigger a full summary of the meta data gathering
phase when KCONF_AUDIT_LEVEL > 0.

Sample output follows:

   NOTE: do_kernel_metadata: for summary/debug, set KCONF_AUDIT_LEVEL > 0
   NOTE: kernel meta data summary for qemux86-64 (standard):
   NOTE:
   ======================================================================
   NOTE: BSP entry point / definition:
   /build/tmp/work/qemux86_64-poky-linux/linux-yocto/5.10.34+gitAUTOINC+bca3bfbc74_85c17ad073-r0/kernel-meta/bsp/common-pc-64/common-pc-64-standard.scc
   NOTE: Fragments from SRC_URI:
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/xt-checksum.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/ebtables.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/vswitch.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/lxc.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/docker.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/cgroup-hugetlb.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/xen.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/kubernetes.scc
   NOTE: KERNEL_FEATURES:  features/nfsd/nfsd-enable.scc
   features/debug/printk.scc features/kernel-sample/kernel-sample.scc
   features/netfilter/netfilter.scc cfg/virtio.scc
   features/drm-bochs/drm-bochs.scc cfg/sound.scc cfg/paravirt_kvm.scc
   features/scsi/scsi-debug.scc features/gpio/mockup.scc
   features/aufs/aufs-enable.scc cfg/fs/flash_fs.scc cfg/virtio.scc
   NOTE: Final scc/cfg list:
   /build/tmp/work/qemux86_64-poky-linux/linux-yocto/5.10.34+gitAUTOINC+bca3bfbc74_85c17ad073-r0/kernel-meta/bsp/common-pc-64/common-pc-64-standard.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/xt-checksum.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/ebtables.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/vswitch.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/lxc.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/docker.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/cgroup-hugetlb.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/xen.scc
   /poky/meta-virtualization/recipes-kernel/linux/linux-yocto/kubernetes.scc
   features/nfsd/nfsd-enable.scc features/debug/printk.scc
   features/kernel-sample/kernel-sample.scc
   features/netfilter/netfilter.scc cfg/virtio.scc
   features/drm-bochs/drm-bochs.scc cfg/sound.scc cfg/paravirt_kvm.scc
   features/scsi/scsi-debug.scc features/gpio/mockup.scc
   features/aufs/aufs-enable.scc cfg/fs/flash_fs.scc cfg/virtio.scc

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b95b11e130e91cb7c5e65f0f9a1c655bcbcbc919)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel-yocto.bbclass | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/meta/classes/kernel-yocto.bbclass b/meta/classes/kernel-yocto.bbclass
index ec5fb7b1de..66cce92362 100644
--- a/meta/classes/kernel-yocto.bbclass
+++ b/meta/classes/kernel-yocto.bbclass
@@ -105,6 +105,8 @@ do_kernel_metadata() {
 	cd ${S}
 	export KMETA=${KMETA}
 
+	bbnote "do_kernel_metadata: for summary/debug, set KCONF_AUDIT_LEVEL > 0"
+
 	# if kernel tools are available in-tree, they are preferred
 	# and are placed on the path before any external tools. Unless
 	# the external tools flag is set, in that case we do nothing.
@@ -252,6 +254,21 @@ do_kernel_metadata() {
 			bbfatal_log "Could not generate configuration queue for ${KMACHINE}."
 		fi
 	fi
+
+	if [ ${KCONF_AUDIT_LEVEL} -gt 0 ]; then
+		bbnote "kernel meta data summary for ${KMACHINE} (${LINUX_KERNEL_TYPE}):"
+		bbnote "======================================================================"
+		if [ -n "${KMETA_EXTERNAL_BSPS}" ]; then
+			bbnote "Non kernel-cache (external) bsp"
+		fi
+		bbnote "BSP entry point / definition: $bsp_definition"
+		if [ -n "$in_tree_defconfig" ]; then
+			bbnote "KBUILD_DEFCONFIG: ${KBUILD_DEFCONFIG}"
+		fi
+		bbnote "Fragments from SRC_URI: $sccs_from_src_uri"
+		bbnote "KERNEL_FEATURES: $KERNEL_FEATURES_FINAL"
+		bbnote "Final scc/cfg list: $sccs_defconfig $bsp_definition $sccs $KERNEL_FEATURES_FINAL"
+	fi
 }
 
 do_patch() {
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 10/26] linux-yocto/5.4: update to v5.4.117
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (8 preceding siblings ...)
  2021-06-01 14:17 ` [OE-core][dunfell 09/26] kernel-yocto: provide debug / summary information for metadata Steve Sakoman
@ 2021-06-01 14:17 ` Steve Sakoman
  2021-06-01 14:17 ` [OE-core][dunfell 11/26] linux-yocto/5.4: update to v5.4.118 Steve Sakoman
                   ` (15 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:17 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    b5dbcd05792a Linux 5.4.117
    0ee3bfc2c31e vfio: Depend on MMU
    b246759284d6 perf/core: Fix unconditional security_locked_down() call
    a1e6a0d1e6cf ovl: allow upperdir inside lowerdir
    8198962021fd scsi: ufs: Unlock on a couple error paths
    91aa2644a3ab platform/x86: thinkpad_acpi: Correct thermal sensor allocation
    164f74391822 USB: Add reset-resume quirk for WD19's Realtek Hub
    5922dfc42ac8 USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
    314192f055d9 ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX
    6cede11149bf perf ftrace: Fix access to pid in array when setting a pid filter
    ad4659935e11 perf data: Fix error return code in perf_data__create_dir()
    cbc6b467610c iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd()
    c7166a529e2b avoid __memcat_p link failure
    8ba25a9ef9b9 bpf: Fix leakage of uninitialized bpf stack under speculation
    53e0db429b37 bpf: Fix masking negation logic upon negative dst register
    b0c8fe7ef797 iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd()
    43b515c52942 igb: Enable RSS for Intel I211 Ethernet Controller
    354520d3ea81 net: usb: ax88179_178a: initialize local variables before use
    55714a57f369 ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade()
    b3041510f0fc ACPI: tables: x86: Reserve memory occupied by ACPI tables
    91b08c5319a5 mips: Do not include hi and lo in clobber list for R6

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0bb2a057ed02b94e6f12b0508b5d7f4a535b1ca0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index c2d0458073..3902243acb 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "b62ae8bedb024e67e7c5cda51840454a4170c858"
-SRCREV_meta ?= "b89df7433ea8124d3092805391b78808df4147a7"
+SRCREV_machine ?= "ccf88860c16c9f2fae90da1ba46074b09d98a0a2"
+SRCREV_meta ?= "8b98855aa2eae3f9c30601a0f8da281cb3b5e4b7"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.116"
+LINUX_VERSION ?= "5.4.117"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 1c3fe73ae5..61779fbcf6 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.116"
+LINUX_VERSION ?= "5.4.117"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "80bd6016a9bdaed4b66ddffffa8c8e62d7c1f8a6"
-SRCREV_machine ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85"
-SRCREV_meta ?= "b89df7433ea8124d3092805391b78808df4147a7"
+SRCREV_machine_qemuarm ?= "2c64c9c438ec34cbdef929338fea304b726cac3f"
+SRCREV_machine ?= "2744384587f1de0551f517cc7be1984077e95329"
+SRCREV_meta ?= "8b98855aa2eae3f9c30601a0f8da281cb3b5e4b7"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 094427cb02..c76020ff51 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "e71df0530eefcac1b3248329e385bcefbad6336e"
-SRCREV_machine_qemuarm64 ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85"
-SRCREV_machine_qemumips ?= "07445052fdd15e60b30dc5ae9d162c2e6bba47d1"
-SRCREV_machine_qemuppc ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85"
-SRCREV_machine_qemuriscv64 ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85"
-SRCREV_machine_qemux86 ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85"
-SRCREV_machine_qemux86-64 ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85"
-SRCREV_machine_qemumips64 ?= "b36d79d6f2aaf9dadec352f611e7b9becf2b9a55"
-SRCREV_machine ?= "ea7a54fa402727f3c4bc4a1904d4a9590e7c8b85"
-SRCREV_meta ?= "b89df7433ea8124d3092805391b78808df4147a7"
+SRCREV_machine_qemuarm ?= "00362a9e9116bf12dd4ae468caf822b85106cc7c"
+SRCREV_machine_qemuarm64 ?= "2744384587f1de0551f517cc7be1984077e95329"
+SRCREV_machine_qemumips ?= "603a0985e29b703dbb535c72f08eb6f9119e0863"
+SRCREV_machine_qemuppc ?= "2744384587f1de0551f517cc7be1984077e95329"
+SRCREV_machine_qemuriscv64 ?= "2744384587f1de0551f517cc7be1984077e95329"
+SRCREV_machine_qemux86 ?= "2744384587f1de0551f517cc7be1984077e95329"
+SRCREV_machine_qemux86-64 ?= "2744384587f1de0551f517cc7be1984077e95329"
+SRCREV_machine_qemumips64 ?= "21a474630e254696cfd46f1ee9c202ab8e85e38f"
+SRCREV_machine ?= "2744384587f1de0551f517cc7be1984077e95329"
+SRCREV_meta ?= "8b98855aa2eae3f9c30601a0f8da281cb3b5e4b7"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.116"
+LINUX_VERSION ?= "5.4.117"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 11/26] linux-yocto/5.4: update to v5.4.118
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (9 preceding siblings ...)
  2021-06-01 14:17 ` [OE-core][dunfell 10/26] linux-yocto/5.4: update to v5.4.117 Steve Sakoman
@ 2021-06-01 14:17 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 12/26] linux-yocto/5.4: update to v5.4.119 Steve Sakoman
                   ` (14 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:17 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    16022114de98 Linux 5.4.118
    a992a283c0b7 dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails
    569bae00ebbe dm integrity: fix missing goto in bitmap_flush_interval error handling
    ff8fd1e3b58a dm space map common: fix division bug in sm_ll_find_free_block()
    6fcaa44105aa dm persistent data: packed struct should have an aligned() attribute too
    c64da3294a7d tracing: Restructure trace_clock_global() to never block
    0834094c9a08 tracing: Map all PIDs to command lines
    8768085ba271 rsi: Use resume_noirq for SDIO
    55aa314a1a6c tty: fix memory leak in vc_deallocate
    943131fda33b usb: dwc2: Fix session request interrupt handler
    5bd06fc6b02c usb: dwc3: gadget: Fix START_TRANSFER link state check
    0790fdbf37ee usb: gadget/function/f_fs string table fix for multiple languages
    3b8b63be230f usb: gadget: Fix double free of device descriptor pointers
    efa99087ea69 usb: gadget: dummy_hcd: fix gpf in gadget_setup
    ffe824c0e35a media: staging/intel-ipu3: Fix race condition during set_fmt
    a03fb1e8a110 media: staging/intel-ipu3: Fix set_fmt error handling
    ff792ae52005 media: staging/intel-ipu3: Fix memory leak in imu_fmt
    ae37aee56cad media: dvb-usb: Fix memory leak at error in dvb_usb_device_init()
    e5c27c2ae2f2 media: dvb-usb: Fix use-after-free access
    9185b3b1c143 media: dvbdev: Fix memory leak in dvb_media_device_free()
    92eb134265fa ext4: fix error code in ext4_commit_super
    c599462ab9c3 ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
    9c61387630a5 ext4: fix check to prevent false positive report of incorrect used inodes
    79c95130a52a kbuild: update config_data.gz only when the content of .config is changed
    19c8c34a8b80 x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported
    8d2be04dbb17 Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op")
    2b040d13b411 jffs2: check the validity of dstlen in jffs2_zlib_compress()
    564b1868f229 Fix misc new gcc warnings
    8aa728568202 security: commoncap: fix -Wstringop-overread warning
    be8db260f482 fuse: fix write deadlock
    dc21b424861a dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences
    6920cef604fa md/raid1: properly indicate failure when ending a failed write request
    5f2d256875a5 crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS
    63a25b715633 tpm: vtpm_proxy: Avoid reading host log when using a virtual device
    2f12258b5224 tpm: efi: Use local variable for calculating final log size
    2af501de8f43 intel_th: pci: Add Alder Lake-M support
    ab5d5c9dfd02 powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
    abf3573ef4e7 powerpc/eeh: Fix EEH handling for hugepages in ioremap space.
    077f526fe3cc jffs2: Fix kasan slab-out-of-bounds problem
    ad3f360ef20f Input: ili210x - add missing negation for touch indication on ili210x
    6be0e4b59314 NFSv4: Don't discard segments marked for return in _pnfs_return_layout()
    12ccd59941e3 NFS: Don't discard pNFS layout segments that are marked for return
    504632a3577a ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
    490ad0a23904 openvswitch: fix stack OOB read while fragmenting IPv4 packets
    9508634b2b18 mlxsw: spectrum_mr: Update egress RIF list before route's action
    27a130638406 f2fs: fix to avoid out-of-bounds memory access
    6c9b98a66d0a ubifs: Only check replay with inode type to judge if inode linked
    310efc95c72c virtiofs: fix memory leak in virtio_fs_probe()
    2b28e26bd776 Makefile: Move -Wno-unused-but-set-variable out of GCC only block
    13a474c01353 arm64/vdso: Discard .note.gnu.property sections in vDSO
    f40bf82bf693 btrfs: fix race when picking most recent mod log operation for an old root
    2bc0131d5be0 ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx
    45392da1bd91 ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops
    ee47a6414950 ALSA: hda/realtek: fix mic boost on Intel NUC 8
    d143cd1f8f6b ALSA: hda/realtek: GA503 use same quirks as GA401
    f2b75e357816 ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8
    2136ecfcf3d9 ALSA: usb-audio: More constifications
    adba683c573d ALSA: usb-audio: Explicitly set up the clock selector
    93588ea2fbd4 ALSA: sb: Fix two use after free in snd_sb_qsound_build
    1666f1ac383f ALSA: hda/conexant: Re-order CX5066 quirk table entries
    b53b72ef83ff ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
    a65181cfd953 s390/archrandom: add parameter check for s390_arch_random_generate
    ef00a39e2c78 scsi: libfc: Fix a format specifier
    02c13900477c mfd: arizona: Fix rumtime PM imbalance on error
    0d0e6dbd5fca scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
    0756818b4d3b scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode
    f67fc8095bbe scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response
    82bc134b93b5 drm/amdgpu: fix NULL pointer dereference
    4b65414ea416 amdgpu: avoid incorrect %hu format string
    443fdd7b4bc3 drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug
    c49981759450 drm/msm/mdp5: Do not multiply vclk line count by 100
    336e7e758640 drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
    b56ad4febe67 sched/fair: Ignore percpu threads for imbalance pulls
    53995be39f93 media: gscpa/stv06xx: fix memory leak
    3a855efb5426 media: dvb-usb: fix memory leak in dvb_usb_adapter_init
    4ca05c0e04d5 media: platform: sti: Fix runtime PM imbalance in regs_show
    47be6867d2d0 media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
    f6b97476053d media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove()
    cc265fb8e549 media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
    48304f37ce81 media: adv7604: fix possible use-after-free in adv76xx_remove()
    b76249a0a64e media: tc358743: fix possible use-after-free in tc358743_remove()
    b25324cf16f5 power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove()
    ac22a96c7388 power: supply: generic-adc-battery: fix possible use-after-free in gab_remove()
    e0be54070ba1 clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
    330753d38f26 media: vivid: update EDID
    71b75e6e2410 media: em28xx: fix memory leak
    cfb42c1bcce8 scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
    1a22a9fde806 scsi: smartpqi: Add new PCI IDs
    7973764b5454 scsi: smartpqi: Correct request leakage during reset operations
    7d77ac088fd7 ata: ahci: Disable SXS for Hisilicon Kunpeng920
    1f3daf672a13 mmc: sdhci-pci: Add PCI IDs for Intel LKF
    40fdaa2d149b scsi: qla2xxx: Fix use after free in bsg
    2cb8ce1d79d3 drm/vkms: fix misuse of WARN_ON
    3f67d5b6f943 scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats()
    48425948d2b6 drm/amd/display: fix dml prefetch validation
    cd148571eab0 drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool'
    e81f4da43b1d drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
    0c0356ef2498 drm/amdkfd: Fix UBSAN shift-out-of-bounds warning
    888b482dbe26 drm/amdgpu: mask the xgmi number of hops reported from psp to kfd
    8d802ad28f9c power: supply: Use IRQF_ONESHOT
    bc73cb52997d media: gspca/sq905.c: fix uninitialized variable
    bec3831f5108 media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
    20065ae0056a extcon: arizona: Fix various races on driver unbind
    32990455bd12 extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged
    22ee443ac784 power: supply: bq27xxx: fix power_avg for newer ICs
    5bc128a16333 media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt()
    e18cee768a6e media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB
    a2e71d2d797d media: ite-cir: check for receive overflow
    78829d2ec594 scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
    a27784943a96 scsi: lpfc: Fix pt2pt connection does not recover after LOGO
    52d2b4370a9d scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe
    2b847dc1f662 drm/amd/display: Don't optimize bandwidth before disabling planes
    84b03026cccc drm/amd/display: Check for DSC support instead of ASIC revision
    bbf11337ded8 drm/qxl: release shadow on shutdown
    a7d964da5d17 drm: Added orientation quirk for OneGX1 Pro
    567c83104471 btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
    3260434687cc platform/x86: intel_pmc_core: Don't use global pmcdev in quirks
    229d2c12f1eb crypto: omap-aes - Fix PM reference leak on omap-aes.c
    5c411b92439d crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c
    e6d5c66737a9 crypto: stm32/hash - Fix PM reference leak on stm32-hash.c
    e7138a6d6a4d phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
    349f95248bce intel_th: Consistency and off-by-one fix
    86f4ac7ca448 tty: n_gsm: check error while registering tty devices
    665dbcf35508 usb: core: hub: Fix PM reference leak in usb_port_resume()
    b8035ac2ad08 usb: musb: fix PM reference leak in musb_irq_work()
    972639ed7b90 spi: qup: fix PM reference leak in spi_qup_remove()
    0adc0e0c87ff spi: omap-100k: Fix reference leak to master
    d6aa2fcd8566 spi: dln2: Fix reference leak to master
    99569ac2e97c xhci: fix potential array out of bounds with several interrupters
    99c82db050ae xhci: check control context is valid before dereferencing it.
    6f34d2ab34ed usb: xhci-mtk: support quirk to disable usb2 lpm
    d95748f23084 perf/arm_pmu_platform: Fix error handling
    fe53f8fd64d7 tee: optee: do not check memref size on return from Secure World
    dda2bc82891c x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
    ee68dd4e502f PCI: PM: Do not read power state in pci_enable_device_flags()
    52b4b9d250d4 usb: xhci: Fix port minor revision
    c13c8354fd58 usb: dwc3: gadget: Ignore EP queue requests during bus reset
    9f3c7e0074b7 usb: gadget: f_uac1: validate input parameters
    a10fb8a1c70a usb: gadget: f_uac2: validate input parameters
    a629f6bc034a genirq/matrix: Prevent allocation counter corruption
    1b2207a19664 usb: webcam: Invalid size of Processing Unit Descriptor
    4cc65c749d58 usb: gadget: uvc: add bInterval checking for HS mode
    28da0edb56ae crypto: qat - fix unmap invalid dma address
    69f1a9702d3f crypto: api - check for ERR pointers in crypto_destroy_tfm()
    8ac79bdcc0c4 spi: ath79: remove spi-master setup and cleanup assignment
    4d6a20917fda spi: ath79: always call chipselect function
    e24b9cded4bc staging: wimax/i2400m: fix byte-order issue
    ce64f57a0fe0 bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first
    4928d3b02083 fbdev: zero-fill colormap in fbcmap.c
    1c5cb86cdd7f posix-timers: Preserve return value in clock_adjtime32()
    e07d0fd8d64f intel_th: pci: Add Rocket Lake CPU support
    b6635915a3c3 btrfs: fix metadata extent leak after failure to create subvolume
    93f3339b22ba cifs: Return correct error code from smb2_get_enc_key
    e7ea8e46e3b7 irqchip/gic-v3: Do not enable irqs when handling spurious interrups
    13b0a28e6fef modules: inherit TAINT_PROPRIETARY_MODULE
    cd5a738e28ac modules: return licensing information from find_symbol
    c4698910a9af modules: rename the licence field in struct symsearch to license
    7500d4999431 modules: unexport __module_address
    ad6d414703d7 modules: unexport __module_text_address
    86de29b833e6 modules: mark each_symbol_section static
    79100b191e71 modules: mark find_symbol static
    6e38daf2e5db modules: mark ref_module static
    909a01b95120 mmc: core: Fix hanging on I/O during system suspend for removable cards
    c80524b9e418 mmc: core: Set read only for SD cards with permanent write protect bit
    42998c98ce9f mmc: core: Do a power cycle when the CMD11 fails
    1b45fcf11d28 mmc: block: Issue a cache flush only when it's enabled
    2fb68f705c56 mmc: block: Update ext_csd.cache_ctrl if it was written
    4e438ff2d967 mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers
    698df555cc5f mmc: sdhci: Check for reset prior to DMA address unmap
    0d8941b9b2d3 mmc: uniphier-sd: Fix a resource leak in the remove function
    06e48bb631d3 mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe()
    21171ede4337 scsi: mpt3sas: Block PCI config access from userspace during reset
    77509a238547 scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
    e45acaddd64b spi: spi-ti-qspi: Free DMA resources
    c57af0be7722 erofs: add unsupported inode i_format check
    49fc21a47e93 mtd: rawnand: atmel: Update ecc_stats.corrected counter
    3ef6813bb3a4 mtd: spinand: core: add missing MODULE_DEVICE_TABLE()
    fd1772305002 ecryptfs: fix kernel panic with null dev_name
    e057164f8731 arm64: dts: mt8173: fix property typo of 'phys' in dsi node
    527edae13d24 arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node
    34ae75d699fd ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld
    0b641b25870f ftrace: Handle commands when closing set_ftrace_filter file
    6a4f786f8eb5 ACPI: custom_method: fix a possible memory leak
    72814a94c38a ACPI: custom_method: fix potential use-after-free issue
    b691331218d0 s390/disassembler: increase ebpf disasm buffer size

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4d4609d4bb709db887b5302077f89a14c05b1edc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 3902243acb..192f4fccaa 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "ccf88860c16c9f2fae90da1ba46074b09d98a0a2"
-SRCREV_meta ?= "8b98855aa2eae3f9c30601a0f8da281cb3b5e4b7"
+SRCREV_machine ?= "8cfbd0ce8afc58d4e73765fc2b84d0cf4144f0f1"
+SRCREV_meta ?= "19fddc3eadeb05f3ba6001833ccfd32257251301"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.117"
+LINUX_VERSION ?= "5.4.118"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 61779fbcf6..bc8dff54f1 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.117"
+LINUX_VERSION ?= "5.4.118"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "2c64c9c438ec34cbdef929338fea304b726cac3f"
-SRCREV_machine ?= "2744384587f1de0551f517cc7be1984077e95329"
-SRCREV_meta ?= "8b98855aa2eae3f9c30601a0f8da281cb3b5e4b7"
+SRCREV_machine_qemuarm ?= "856d692bf93a8b33482d05c7dfc76f8f51506c16"
+SRCREV_machine ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
+SRCREV_meta ?= "19fddc3eadeb05f3ba6001833ccfd32257251301"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index c76020ff51..acfbd1c9cf 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "00362a9e9116bf12dd4ae468caf822b85106cc7c"
-SRCREV_machine_qemuarm64 ?= "2744384587f1de0551f517cc7be1984077e95329"
-SRCREV_machine_qemumips ?= "603a0985e29b703dbb535c72f08eb6f9119e0863"
-SRCREV_machine_qemuppc ?= "2744384587f1de0551f517cc7be1984077e95329"
-SRCREV_machine_qemuriscv64 ?= "2744384587f1de0551f517cc7be1984077e95329"
-SRCREV_machine_qemux86 ?= "2744384587f1de0551f517cc7be1984077e95329"
-SRCREV_machine_qemux86-64 ?= "2744384587f1de0551f517cc7be1984077e95329"
-SRCREV_machine_qemumips64 ?= "21a474630e254696cfd46f1ee9c202ab8e85e38f"
-SRCREV_machine ?= "2744384587f1de0551f517cc7be1984077e95329"
-SRCREV_meta ?= "8b98855aa2eae3f9c30601a0f8da281cb3b5e4b7"
+SRCREV_machine_qemuarm ?= "161dbe7187d5de2c6c0f7ab8ab43041e6f1d42bc"
+SRCREV_machine_qemuarm64 ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
+SRCREV_machine_qemumips ?= "7731d7417fce687fd880da263e12d4cd96ba5bc5"
+SRCREV_machine_qemuppc ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
+SRCREV_machine_qemuriscv64 ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
+SRCREV_machine_qemux86 ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
+SRCREV_machine_qemux86-64 ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
+SRCREV_machine_qemumips64 ?= "e1a389552633ff7df9f8d003503a69f844539db7"
+SRCREV_machine ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
+SRCREV_meta ?= "19fddc3eadeb05f3ba6001833ccfd32257251301"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.117"
+LINUX_VERSION ?= "5.4.118"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 12/26] linux-yocto/5.4: update to v5.4.119
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (10 preceding siblings ...)
  2021-06-01 14:17 ` [OE-core][dunfell 11/26] linux-yocto/5.4: update to v5.4.118 Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 13/26] libxml2: Reformat runtest.patch Steve Sakoman
                   ` (13 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    b82e5721a173 Linux 5.4.119
    6b183fbf18b9 Revert "fdt: Properly handle "no-map" field in the memory region"
    66b8853dfa3c Revert "of/fdt: Make sure no-map does not remove already reserved regions"
    3fe9ee040fb7 sctp: delay auto_asconf init until binding the first addr
    e1bf000709cc Revert "net/sctp: fix race condition in sctp_destroy_sock"
    32e046965fac smp: Fix smp_call_function_single_async prototype
    9884f745108f net: Only allow init netns to set default tcp cong to a restricted algo
    4a83a9deead9 mm/memory-failure: unnecessary amount of unmapping
    de143fb2feac mm/sparse: add the missing sparse_buffer_fini() in error branch
    ba450bba7115 kfifo: fix ternary sign extension bugs
    24c54e0a9747 net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
    07ef3f7bc5c4 net: bridge: mcast: fix broken length + header check for MRDv6 Adv.
    da5b49598a11 RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res
    30b9e92d0b5e RDMA/siw: Fix a use after free in siw_alloc_mr
    55fcdd1258fa net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
    b1523e4ba293 bnxt_en: Fix RX consumer index logic in the error path.
    d1ad9f2f7e2d selftests: net: mirror_gre_vlan_bridge_1q: Make an FDB entry static
    6f92124d7441 net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
    06e03b867d96 arm64: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
    978170191d3d ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
    4bfea784ea35 bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
    10ff6ad91e0d powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
    c6af4c1d196e ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock
    bf0be675e646 ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
    87fc6b2914e5 net: phy: intel-xway: enable integrated led functions
    57bed78ce64a net: renesas: ravb: Fix a stuck issue when a lot of frames are received
    27a894a9556f net: davinci_emac: Fix incorrect masking of tx and rx error channel
    8d77c9564309 ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails
    59f965ef61d7 RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
    d7ba506b00ea RDMA/cxgb4: add missing qpid increment
    f7368865da57 gro: fix napi_gro_frags() Fast GRO breakage due to IP alignment check
    e97aea9f2503 vsock/vmci: log once the failed queue pair allocation
    469135100325 mwl8k: Fix a double Free in mwl8k_probe_hw
    afb735e764ba i2c: sh7760: fix IRQ error path
    da80b35b6e26 rtlwifi: 8821ae: upgrade PHY and RF parameters
    b1b8d90d4550 powerpc/pseries: extract host bridge from pci_bus prior to bus removal
    bdad13dd15e2 MIPS: pci-legacy: stop using of_pci_range_to_resource
    5950c9d7f987 perf beauty: Fix fsconfig generator
    0ff76bd07bc4 drm/i915/gvt: Fix error code in intel_gvt_init_device()
    ecfbcb858007 ASoC: ak5558: correct reset polarity
    c77bf004717d powerpc/xive: Fix xmon command "dxi"
    65b771660f57 i2c: sh7760: add IRQ check
    cb834ff29bdb i2c: jz4780: add IRQ check
    aa90700f953a i2c: emev2: add IRQ check
    45f02a0f8ded i2c: cadence: add IRQ check
    7e1764312440 i2c: sprd: fix reference leak when pm_runtime_get_sync fails
    5f51ddcbfc78 i2c: omap: fix reference leak when pm_runtime_get_sync fails
    815859cb1d23 i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails
    4734c4b1d957 i2c: img-scb: fix reference leak when pm_runtime_get_sync fails
    ed016b77012e RDMA/srpt: Fix error return code in srpt_cm_req_recv()
    e1d10b2cc792 net: thunderx: Fix unintentional sign extension issue
    b0d8fa3adc9d cxgb4: Fix unintentional sign extension issues
    05692b952365 IB/hfi1: Fix error return code in parse_platform_config()
    53656a2a0183 RDMA/qedr: Fix error return code in qedr_iw_connect()
    bf365066fbe0 KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit
    af5a87a1d413 mt7601u: fix always true expression
    53ada35f2ecc mac80211: bail out if cipher schemes are invalid
    22cb8496f290 powerpc: iommu: fix build when neither PCI or IBMVIO is set
    5aa028a827fe powerpc/perf: Fix PMU constraint check for EBB events
    73f9dccb29e4 powerpc/64s: Fix pte update for kernel memory on radix
    440fead0fc81 liquidio: Fix unintented sign extension of a left shift of a u16
    92626cf41b0e ASoC: simple-card: fix possible uninitialized single_cpu local variable
    e1b01d914c31 ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
    11fa9b38e030 mips: bmips: fix syscon-reboot nodes
    c8f7e2e04724 net: hns3: Limiting the scope of vector_ring_chain variable
    cab33b3b6da8 nfc: pn533: prevent potential memory corruption
    efb0f45b4535 bug: Remove redundant condition check in report_bug
    7628bc544ba8 ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
    3733a64d5828 powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration
    fee81285bd09 inet: use bigger hash table for IP ID generation
    318993949423 powerpc/prom: Mark identical_pvr_fixup as __init
    4543fcd6835b powerpc/fadump: Mark fadump_calculate_reserve_size as __init
    e00c5b9eebf0 net: lapbether: Prevent racing when checking whether the netif is running
    f937a0f6ada1 perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars
    1121f5f3d440 HID: plantronics: Workaround for double volume key presses
    59021008b317 drivers/block/null_blk/main: Fix a double free in null_init.
    279749d0d4ef sched/debug: Fix cgroup_path[] serialization
    c01fc0adba30 x86/events/amd/iommu: Fix sysfs type mismatch
    846357609409 HSI: core: fix resource leaks in hsi_add_client_from_dt()
    ff386ac05098 nvme-pci: don't simple map sgl when sgls are disabled
    7e1ab103f63f mfd: stm32-timers: Avoid clearing auto reload register
    e8fe98f6ec69 scsi: ibmvfc: Fix invalid state machine BUG_ON()
    ce8585f979e4 scsi: sni_53c710: Add IRQ check
    1ff0b82c6674 scsi: sun3x_esp: Add IRQ check
    4b94098f0aa7 scsi: jazz_esp: Add IRQ check
    ae0cadd35daf scsi: hisi_sas: Fix IRQ checks
    6adac4efe77d clk: uniphier: Fix potential infinite loop
    e1a5c8594c0e clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE
    6c9bbf98b1d8 clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback
    3d81ce0cfb31 vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
    e6707395c839 media: v4l2-ctrls.c: fix race condition in hdl->requests list
    b22867aa3d32 nvme: retrigger ANA log update if group descriptor isn't found
    999d606a820c nvmet-tcp: fix incorrect locking in state_change sk callback
    ced0760eb45a nvme-tcp: block BH in sk state_change sk callback
    4bbae57c7bde ata: libahci_platform: fix IRQ check
    bafcaa016585 sata_mv: add IRQ checks
    782ec39b37bd pata_ipx4xx_cf: fix IRQ check
    af9c0391353d pata_arasan_cf: fix IRQ check
    c66229b36fd3 x86/kprobes: Fix to check non boostable prefixes correctly
    1cfaa6444a5e drm/amdkfd: fix build error with AMD_IOMMU_V2=m
    bfd83cf79b7f media: m88rs6000t: avoid potential out-of-bounds reads on arrays
    7db94692631e media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming()
    1dc1d30ac101 media: aspeed: fix clock handling logic
    d36f9755d1db media: omap4iss: return error code when omap4iss_get() failed
    75c6252e8630 media: vivid: fix assignment of dev->fbuf_out_flags
    6b121dc6807c soc: aspeed: fix a ternary sign expansion bug
    f276d195ce10 xen-blkback: fix compatibility bug with single page rings
    aafb5e38e695 ttyprintk: Add TTY hangup callback.
    ce7b62d85791 usb: dwc2: Fix hibernation between host and device modes.
    6f7ed537ca2d usb: dwc2: Fix host mode hibernation exit with remote wakeup flow.
    e83dcf255a13 Drivers: hv: vmbus: Increase wait time for VMbus unload
    9b47b3a67552 x86/platform/uv: Fix !KEXEC build failure
    9a9ce397336e platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table
    eec90f4b9575 usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
    d3b6b252bab0 node: fix device cleanups in error handling code
    3f605558a4f7 firmware: qcom-scm: Fix QCOM_SCM configuration
    77a1c15145c8 serial: core: return early on unsupported ioctls
    b6803d57f587 tty: fix return value for unsupported ioctls
    932d67b84b4f tty: actually undefine superseded ASYNC flags
    a6fb73f4e009 USB: cdc-acm: fix TIOCGSERIAL implementation
    8abef571fd92 USB: cdc-acm: fix unprivileged TIOCCSERIAL
    9aa155203427 usb: gadget: r8a66597: Add missing null check on return from platform_get_resource
    4a01ad002d2e spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
    eaf03935b859 cpufreq: armada-37xx: Fix determining base CPU frequency
    d33a00f35531 cpufreq: armada-37xx: Fix driver cleanup when registration failed
    4bffea742b66 clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0
    0289edd869ac clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz
    0c793b76066b cpufreq: armada-37xx: Fix the AVS value for load L1
    b671a3277b7c clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock
    3518c6d0178c cpufreq: armada-37xx: Fix setting TBG parent for load levels
    19d16a689793 crypto: qat - Fix a double free in adf_create_ring
    32f5f51a3703 ACPI: CPPC: Replace cppc_attr with kobj_attribute
    726837481c93 soc: qcom: mdt_loader: Detect truncated read of segments
    08b601cb7aef soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
    001c8e83646a spi: Fix use-after-free with devm_spi_alloc_*
    3b0cd47fe1b7 PM / devfreq: Use more accurate returned new_freq as resume_freq
    51a5e5e93c01 staging: greybus: uart: fix unprivileged TIOCCSERIAL
    c751e448b726 staging: rtl8192u: Fix potential infinite loop
    8148375c865f irqchip/gic-v3: Fix OF_BAD_ADDR error handling
    ef8e7bfea99a mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
    f6a90818a320 m68k: mvme147,mvme16x: Don't wipe PCC timer config bits
    870533403ffa soundwire: stream: fix memory leak in stream config error path
    7cd10f8a5a9d memory: pl353: fix mask of ECC page_size config register
    6b18f6ac820e USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
    93615b25c78f usb: gadget: aspeed: fix dma map failure
    c675ead206b7 crypto: qat - fix error path in adf_isr_resource_alloc()
    f3685a9ef29d phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally
    4dc0332faf80 soundwire: bus: Fix device found flag correctly
    3a76ec28824c bus: qcom: Put child node before return
    5880afefe0cb mtd: require write permissions for locking and badblock ioctls
    ff352d27d4ce fotg210-udc: Complete OUT requests on short packets
    0d19ad0706c2 fotg210-udc: Don't DMA more than the buffer can take
    88f1100e523c fotg210-udc: Mask GRP2 interrupts we don't handle
    f580a8046acf fotg210-udc: Remove a dubious condition leading to fotg210_done
    359d1b0ad239 fotg210-udc: Fix EP0 IN requests bigger than two packets
    9a97aa4bbe0f fotg210-udc: Fix DMA on EP0 for length > max packet size
    05ec8192ee4b crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
    2a41049a0e21 crypto: qat - don't release uninitialized resources
    cfd99d250cde usb: gadget: pch_udc: Check for DMA mapping error
    44452b7bd35d usb: gadget: pch_udc: Check if driver is present before calling ->setup()
    23978eb064dc usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
    369428a646b7 x86/microcode: Check for offline CPUs before requesting new microcode
    6b8ff2a35a74 arm64: dts: renesas: r8a77980: Fix vin4-7 endpoint binding
    cbf784eff5de spi: stm32: drop devres version of spi_register_master
    15ee35be9286 arm64: dts: qcom: sm8150: fix number of pins in 'gpio-ranges'
    168877a575a5 mtd: rawnand: qcom: Return actual error code instead of -ENODEV
    73744fcb4eb0 mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions()
    e5b3e69eb36a mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC
    9e612890bb87 mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe()
    d8897f7b2283 regmap: set debugfs_name to NULL after it is freed
    0d2c86076844 usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
    6e666a05e540 serial: stm32: fix tx_empty condition
    12e423331ec9 serial: stm32: fix incorrect characters on console
    6be27923140a ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
    aacfc3bef07b ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
    d788a900f362 ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family
    f9b701bc13da ARM: dts: exynos: correct PMIC interrupt trigger level on Midas family
    6cf80f1fc1a9 ARM: dts: exynos: correct MUIC interrupt trigger level on Midas family
    73bc2732108c ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family
    12d9d517a2fe memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
    52189bf0b2a2 usb: gadget: pch_udc: Revert d3cb25a12138 completely
    db699975f72d ovl: fix missing revert_creds() on error path
    a51050108bed Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register"
    7d1bc32d6477 KVM: Stop looking for coalesced MMIO zones if the bus is destroyed
    cc6623055f2d KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit
    358264425747 KVM: s390: split kvm_s390_real_to_abs
    45a3ae26fcd9 s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility
    9ea2c4fd1a72 KVM: s390: fix guarded storage control register handling
    34a6d1d57c71 KVM: s390: split kvm_s390_logical_to_effective
    027de80194fb ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable
    1bfa051571ac ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
    9337f5ba5090 ALSA: hda/realtek: Re-order ALC662 quirk table entries
    5f68b0ec9882 ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries
    15b414029478 ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
    99aa203c6eb6 ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
    1f1612fc6bea ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries
    65d5b99c1ea9 ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries
    b161e02481d8 ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries
    bd0e9154100c ALSA: hda/realtek: Re-order ALC269 HP quirk table entries
    e97cf247ba44 ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries
    02968e62200a ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
    6d9e8828fa77 ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
    e584e52783a4 drm/amd/display: Reject non-zero src_y and src_x for video planes
    56f2ea0bc2a1 drm/radeon: fix copy of uninitialized variable back to userspace
    4aea3ddac00a drm/panfrost: Don't try to map pages that are already mapped
    debaae7ac45a drm/panfrost: Clear MMU irqs before handling the fault
    6b5aa0cf321c rtw88: Fix array overrun in rtw_get_tx_power_params()
    e5b02c096145 cfg80211: scan: drop entry from hidden_list on overflow
    16b68fb8df43 ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
    af7ea06b3cae md: Fix missing unused status line of /proc/mdstat
    79c1bfae668d md: md_open returns -EBUSY when entering racing area
    adb9bbf1a284 md: factor out a mddev_find_locked helper from mddev_find
    afa4de092663 md: split mddev_find
    acdf531e77f0 md-cluster: fix use-after-free issue when removing rdev
    a72373588ce3 md/bitmap: wait for external bitmap writes to complete during tear down
    45bc83f71b22 misc: vmw_vmci: explicitly initialize vmci_datagram payload
    0f8f75b92ecc misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
    34f6ba8810c3 misc: lis3lv02d: Fix false-positive WARN on various HP models
    8809d87cb86f iio:accel:adis16201: Fix wrong axis assignment that prevents loading
    7cb1f304237a PCI: Allow VPD access for QLogic ISP2722
    f30ded0ba1b6 FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
    8943172edaf7 MIPS: pci-rt2880: fix slot 0 configuration
    cd2e53ad366f MIPS: pci-mt7620: fix PLL lock check
    4dce2a19e76b ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function
    79cc386696fb ASoC: samsung: tm2_wm5110: check of of_parse return value
    2b8b8cc94f4d usb: xhci-mtk: improve bandwidth scheduling with TT
    9f0d3e676a25 usb: xhci-mtk: remove or operator for setting schedule parameters
    230bd196536b usb: typec: tcpm: update power supply once partner accepts
    9d7bb10859b9 usb: typec: tcpm: Address incorrect values of tcpm psy for pps supply
    c87bb48ac5c5 usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply
    66ca71d28301 staging: fwserial: fix TIOCSSERIAL permission check
    ebb46274e33f tty: moxa: fix TIOCSSERIAL permission check
    d524fb44c657 staging: fwserial: fix TIOCSSERIAL jiffies conversions
    f80f12ee00b8 USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check
    f50cad556c28 staging: greybus: uart: fix TIOCSSERIAL jiffies conversions
    3114fedf4020 USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions
    edce32412096 tty: amiserial: fix TIOCSSERIAL permission check
    e503d7bc7bfe tty: moxa: fix TIOCSSERIAL jiffies conversions
    c30b11c74cbb Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL"
    e32352070bca net/nfc: fix use-after-free llcp_sock_bind/connect
    eeec325c9944 bluetooth: eliminate the potential race condition when removing the HCI controller
    119858caf400 hsr: use netdev_err() instead of WARN_ONCE()
    3a826ffa80d5 Bluetooth: verify AMP hci_chan before amp_destroy

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4d00220f08e9ec8e421157187794b5701ffc04eb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 192f4fccaa..2d9a6f50ad 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "8cfbd0ce8afc58d4e73765fc2b84d0cf4144f0f1"
-SRCREV_meta ?= "19fddc3eadeb05f3ba6001833ccfd32257251301"
+SRCREV_machine ?= "62f2f19316f63910f27760e24314d02814a8a90e"
+SRCREV_meta ?= "9e2546ab8d63f70ba458eb159d29ce6736ffd3e4"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.118"
+LINUX_VERSION ?= "5.4.119"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index bc8dff54f1..26a7da085a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.118"
+LINUX_VERSION ?= "5.4.119"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "856d692bf93a8b33482d05c7dfc76f8f51506c16"
-SRCREV_machine ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
-SRCREV_meta ?= "19fddc3eadeb05f3ba6001833ccfd32257251301"
+SRCREV_machine_qemuarm ?= "de992e88dcfe547cc08bfc1a371b0fc0c0892a31"
+SRCREV_machine ?= "8997f663001be812a7670488ac8698eb916d9d50"
+SRCREV_meta ?= "9e2546ab8d63f70ba458eb159d29ce6736ffd3e4"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index acfbd1c9cf..66a5a49b29 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "161dbe7187d5de2c6c0f7ab8ab43041e6f1d42bc"
-SRCREV_machine_qemuarm64 ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
-SRCREV_machine_qemumips ?= "7731d7417fce687fd880da263e12d4cd96ba5bc5"
-SRCREV_machine_qemuppc ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
-SRCREV_machine_qemuriscv64 ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
-SRCREV_machine_qemux86 ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
-SRCREV_machine_qemux86-64 ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
-SRCREV_machine_qemumips64 ?= "e1a389552633ff7df9f8d003503a69f844539db7"
-SRCREV_machine ?= "f54311bd4aeddc4f600d3553054891a8198f8f72"
-SRCREV_meta ?= "19fddc3eadeb05f3ba6001833ccfd32257251301"
+SRCREV_machine_qemuarm ?= "715f9e60c9426156cb73904e65d39daea51288ca"
+SRCREV_machine_qemuarm64 ?= "8997f663001be812a7670488ac8698eb916d9d50"
+SRCREV_machine_qemumips ?= "bd95d2d0a38cf539f34d84740262c4d3aef1833f"
+SRCREV_machine_qemuppc ?= "8997f663001be812a7670488ac8698eb916d9d50"
+SRCREV_machine_qemuriscv64 ?= "8997f663001be812a7670488ac8698eb916d9d50"
+SRCREV_machine_qemux86 ?= "8997f663001be812a7670488ac8698eb916d9d50"
+SRCREV_machine_qemux86-64 ?= "8997f663001be812a7670488ac8698eb916d9d50"
+SRCREV_machine_qemumips64 ?= "45be3768458cb4186ee2761de2a414e323bd6fe0"
+SRCREV_machine ?= "8997f663001be812a7670488ac8698eb916d9d50"
+SRCREV_meta ?= "9e2546ab8d63f70ba458eb159d29ce6736ffd3e4"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.118"
+LINUX_VERSION ?= "5.4.119"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 13/26] libxml2: Reformat runtest.patch
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (11 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 12/26] linux-yocto/5.4: update to v5.4.119 Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 14/26] libxml2: Add bash dependency for ptests Steve Sakoman
                   ` (12 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Tony Tascioglu <tony.tascioglu@windriver.com>

Reformatted runtest.patch to allow it to be applied using git am.
This makes it easier to apply the series of patches to the original git repo.

There are no changes to the code of the patch other than the reformat.

Previously, the patch claimed to be a backport, but I have not found an
upstream commit so I've changed the Upstream-Status to pending.

Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0361d625e1573e846a2f03ed90a8b897bc405160)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../recipes-core/libxml/libxml2/runtest.patch | 45 ++++++++++---------
 1 file changed, 25 insertions(+), 20 deletions(-)

diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch
index 0dbb353c0f..c7a90cd3dc 100644
--- a/meta/recipes-core/libxml/libxml2/runtest.patch
+++ b/meta/recipes-core/libxml/libxml2/runtest.patch
@@ -1,28 +1,33 @@
-Add 'install-ptest' rule. Print a standard result line for
-each test.
+From 6172ccd1e74bc181f5298f19e240234e12876abe Mon Sep 17 00:00:00 2001
+From: Tony Tascioglu <tony.tascioglu@windriver.com>
+Date: Tue, 11 May 2021 11:57:46 -0400
+Subject: [PATCH] Add 'install-ptest' rule.
+
+Print a standard result line for each test.
 
 Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
 Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Upstream-Status: Backport
+Upstream-Status: Pending
 
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
 ---
- Makefile.am   |   9 ++++
+ Makefile.am   |   9 +++
  runsuite.c    |   1 +
  runtest.c     |   2 +
  runxmlconf.c  |   1 +
- testapi.c     | 122 ++++++++++++++++++++++++++++++---------------
- testchar.c    | 156 +++++++++++++++++++++++++++++++++++++++++-----------------
+ testapi.c     | 122 ++++++++++++++++++++++++++-------------
+ testchar.c    | 156 +++++++++++++++++++++++++++++++++++---------------
  testdict.c    |   1 +
  testlimits.c  |   1 +
  testrecurse.c |   2 +
  9 files changed, 210 insertions(+), 85 deletions(-)
 
 diff --git a/Makefile.am b/Makefile.am
-index 9c630be..7cfd04b 100644
+index 05d1671f..ae622745 100644
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -202,6 +202,15 @@ runxmlconf_LDADD= $(LDADDS)
+@@ -198,6 +198,15 @@ runxmlconf_LDADD= $(LDADDS)
  #testOOM_DEPENDENCIES = $(DEPS)
  #testOOM_LDADD= $(LDADDS)
  
@@ -39,10 +44,10 @@ index 9c630be..7cfd04b 100644
            testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
  	[ -d test   ] || $(LN_S) $(srcdir)/test   .
 diff --git a/runsuite.c b/runsuite.c
-index aaab13e..9ba2c5d 100644
+index d24b5ec3..f7ff2521 100644
 --- a/runsuite.c
 +++ b/runsuite.c
-@@ -1162,6 +1162,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) {
+@@ -1147,6 +1147,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) {
  
      if (logfile != NULL)
          fclose(logfile);
@@ -51,10 +56,10 @@ index aaab13e..9ba2c5d 100644
  }
  #else /* !SCHEMAS */
 diff --git a/runtest.c b/runtest.c
-index addda5c..8ba5d59 100644
+index ffa98d04..470f95cb 100644
 --- a/runtest.c
 +++ b/runtest.c
-@@ -4501,6 +4501,7 @@ launchTests(testDescPtr tst) {
+@@ -4508,6 +4508,7 @@ launchTests(testDescPtr tst) {
      xmlCharEncCloseFunc(ebcdicHandler);
      xmlCharEncCloseFunc(eucJpHandler);
  
@@ -62,7 +67,7 @@ index addda5c..8ba5d59 100644
      return(err);
  }
  
-@@ -4577,6 +4578,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) {
+@@ -4588,6 +4589,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) {
      xmlCleanupParser();
      xmlMemoryDump();
  
@@ -71,7 +76,7 @@ index addda5c..8ba5d59 100644
  }
  
 diff --git a/runxmlconf.c b/runxmlconf.c
-index cef20f4..4f291fb 100644
+index 70f61017..e882b3a1 100644
 --- a/runxmlconf.c
 +++ b/runxmlconf.c
 @@ -595,6 +595,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) {
@@ -83,7 +88,7 @@ index cef20f4..4f291fb 100644
  }
  
 diff --git a/testapi.c b/testapi.c
-index 4a751e2..7ccc066 100644
+index ff8b470d..52b51d78 100644
 --- a/testapi.c
 +++ b/testapi.c
 @@ -1246,49 +1246,91 @@ static int
@@ -219,7 +224,7 @@ index 4a751e2..7ccc066 100644
  }
  
 diff --git a/testchar.c b/testchar.c
-index 0d08792..f555d3b 100644
+index 6866a175..7bce0132 100644
 --- a/testchar.c
 +++ b/testchar.c
 @@ -23,7 +23,7 @@ static void errorHandler(void *unused, xmlErrorPtr err) {
@@ -797,7 +802,7 @@ index 0d08792..f555d3b 100644
      /*
       * Cleanup function for the XML library.
 diff --git a/testdict.c b/testdict.c
-index 40bebd0..114b934 100644
+index 40bebd05..114b9347 100644
 --- a/testdict.c
 +++ b/testdict.c
 @@ -440,5 +440,6 @@ int main(void)
@@ -808,7 +813,7 @@ index 40bebd0..114b934 100644
      return(ret);
  }
 diff --git a/testlimits.c b/testlimits.c
-index 68c94db..1584434 100644
+index 059116a6..f0bee68d 100644
 --- a/testlimits.c
 +++ b/testlimits.c
 @@ -1634,5 +1634,6 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) {
@@ -819,7 +824,7 @@ index 68c94db..1584434 100644
      return(ret);
  }
 diff --git a/testrecurse.c b/testrecurse.c
-index f95ae1c..74c8f8b 100644
+index 0cbe25a6..3ecadb40 100644
 --- a/testrecurse.c
 +++ b/testrecurse.c
 @@ -892,6 +892,7 @@ launchTests(testDescPtr tst) {
@@ -838,5 +843,5 @@ index f95ae1c..74c8f8b 100644
      return(ret);
  }
 -- 
-2.7.4
+2.25.1
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 14/26] libxml2: Add bash dependency for ptests.
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (12 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 13/26] libxml2: Reformat runtest.patch Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 15/26] glibc: Add 8GB VM usage cap for usermode test suite Steve Sakoman
                   ` (11 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Tony Tascioglu <tony.tascioglu@windriver.com>

Before, running ptests on core-image-minimal would result in
an error due to missing /bin/bash:

   [ -d test   ] || ln -s ../libxml2-2.9.10/test   .
   make: /bin/bash: No such file or directory
   make: *** [Makefile:2105: runtests] Error 127

Changing the Makefile to use /bin/sh results in some of the
tests failing, so I have added the missing dependancy on bash.

Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d2e81298c446aec8d7fcf61fd5023ac30350f205)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/libxml/libxml2_2.9.10.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index 4ebfb9e556..db660b9869 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -42,7 +42,7 @@ inherit autotools pkgconfig binconfig-disabled ptest features_check
 
 inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3native', '', d)}
 
-RDEPENDS_${PN}-ptest += "make ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-logging python3-shell  python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}"
+RDEPENDS_${PN}-ptest += "bash make ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-logging python3-shell  python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}"
 
 RDEPENDS_${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-core', '', d)}"
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 15/26] glibc: Add 8GB VM usage cap for usermode test suite
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (13 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 14/26] libxml2: Add bash dependency for ptests Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 16/26] grub: Exclude CVE-2019-14865 from cve-check Steve Sakoman
                   ` (10 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

We've noticed that:

MACHINE=qemuarm oe-selftest -r glibc.GlibcSelfTest.test_glibc

ends up with one process growing to about the size of system memory
and triggering the OOM killer. This has been taking out other builds
running on the system on the autobuilders and is one cause of our
intermittent failures.

This was tracked down to:

WORKDIR=XXX/tmp/work/armv7vet2hf-neon-poky-linux-gnueabi/glibc-testsuite/2.33-r0
BUILDDIR=$WORKDIR/build-arm-poky-linux-gnueabi QEMU_SYSROOT=$WORKDIR/recipe-sysroot
QEMU_OPTIONS="$WORKDIR/recipe-sysroot-native/usr/bin/qemu-arm -r 3.2.0" \
$WORKDIR/check-test-wrapper user env GCONV_PATH=$BUILDDIR/iconvdata LOCPATH=$BUILDDIR/localedata LC_ALL=C $BUILDDIR/elf/ld-linux-armhf.so.3 \
    --library-path $BUILDDIR:$BUILDDIR/math:$BUILDDIR/elf:$BUILDDIR/dlfcn:$BUILDDIR/nss:$BUILDDIR/nis:$BUILDDIR/rt:$BUILDDIR/resolv:$BUILDDIR/mathvec:$BUILDDIR/support:$BUILDDIR/nptl \
    $BUILDDIR/nptl/tst-pthread-timedlock-lockloop

although other glibc tests appear to use 16GB of memory before failing
anyway. By capping the VM size to 8GB, we see the same number of failures
but no OOM situations. There may be some issue in qemu or the test which
could be improved to avoid this entirely but this provides a necessary
and useful safeguard to other builds and doensn't appear to make the
situation worse.

On a loaded system OOM may not occur as the test timeout may be triggered
first. An experiment with a 5GB limit showed an additional 7 failures.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 58d4f669bd46805669daf87626350fe9359feca5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/glibc/glibc/check-test-wrapper | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/meta/recipes-core/glibc/glibc/check-test-wrapper b/meta/recipes-core/glibc/glibc/check-test-wrapper
index f8e04e02d2..6ec9b9b29e 100644
--- a/meta/recipes-core/glibc/glibc/check-test-wrapper
+++ b/meta/recipes-core/glibc/glibc/check-test-wrapper
@@ -2,6 +2,7 @@
 import sys
 import os
 import subprocess
+import resource
 
 env = os.environ.copy()
 args = sys.argv[1:]
@@ -44,6 +45,14 @@ if targettype == "user":
     qemuargs += ["-L", sysroot]
     qemuargs += ["-E", "LD_LIBRARY_PATH={}".format(":".join(libpaths))]
     command = qemuargs + args
+
+    # We've seen qemu-arm using up all system memory for some glibc
+    # tests e.g. nptl/tst-pthread-timedlock-lockloop
+    # Cap at 8GB since no test should need more than that
+    # (5GB adds 7 failures for qemuarm glibc test run)
+    limit = 8*1024*1024*1024
+    resource.setrlimit(resource.RLIMIT_AS, (limit, limit))
+
 elif targettype == "ssh":
     host = os.environ.get("SSH_HOST", None)
     user = os.environ.get("SSH_HOST_USER", None)
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 16/26] grub: Exclude CVE-2019-14865 from cve-check
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (14 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 15/26] glibc: Add 8GB VM usage cap for usermode test suite Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 17/26] sstate: Ignore sstate signing key Steve Sakoman
                   ` (9 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The CVE only applies to RHEL.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8cfc3ebe50facb7e34e778f3e264b26cfae20a04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-bsp/grub/grub2.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 2c55852ef0..180e3752f8 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -13,6 +13,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
 CVE_PRODUCT = "grub2"
 
+# Applies only to RHEL
+CVE_CHECK_WHITELIST += "CVE-2019-14865"
+
 SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
            file://0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch \
            file://autogen.sh-exclude-pc.patch \
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 17/26] sstate: Ignore sstate signing key
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (15 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 16/26] grub: Exclude CVE-2019-14865 from cve-check Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 18/26] lib/oe/gpg_sign.py: Fix gpg verification Steve Sakoman
                   ` (8 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Daniel McGregor <daniel.mcgregor@vecima.com>

What key is used to sign sstate artefacts should not affect the hash of
the object, otherwise everyone would need to use the same signing key.

Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 57cc9429dba4f9bd23127633dbc1f57dc2d5dd16)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/sstate.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 3c89c35ecf..a689f7f677 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -706,6 +706,8 @@ def sstate_package(ss, d):
 
     return
 
+sstate_package[vardepsexclude] += "SSTATE_SIG_KEY"
+
 def pstaging_fetch(sstatefetch, d):
     import bb.fetch2
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 18/26] lib/oe/gpg_sign.py: Fix gpg verification
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (16 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 17/26] sstate: Ignore sstate signing key Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 19/26] kernel-fitimage.bbclass: fix a wrong conditional check Steve Sakoman
                   ` (7 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Daniel McGregor <daniel.mcgregor@vecima.com>

A stray space made it into the command for verifying gpg signatures.
This caused verification to fail, at least on my host. Removing the
space makes it work as expected.

Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af1d948822cbe6ac7ede9cb4e881db8dc780e308)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/gpg_sign.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
index 7634d7ef1d..492f096eaa 100644
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -111,7 +111,7 @@ class LocalSigner(object):
 
     def verify(self, sig_file):
         """Verify signature"""
-        cmd = self.gpg_cmd + [" --verify", "--no-permission-warning"]
+        cmd = self.gpg_cmd + ["--verify", "--no-permission-warning"]
         if self.gpg_path:
             cmd += ["--homedir", self.gpg_path]
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 19/26] kernel-fitimage.bbclass: fix a wrong conditional check
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (17 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 18/26] lib/oe/gpg_sign.py: Fix gpg verification Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 20/26] initramfs-framework:rootfs: fix wrong indentions Steve Sakoman
                   ` (6 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Ming Liu <liu.ming50@gmail.com>

It should check if "${UBOOT_SIGN_ENABLE}" equals to "1" instead of
checking if "${UBOOT_SIGN_ENABLE}" is not empty since it could be "0".

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 900949af7fe357ee66065ba150b0b1914e8ca581)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel-fitimage.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 72b05ff8d1..b4d8ff8309 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -250,7 +250,7 @@ fitimage_emit_section_config() {
 
 	conf_csum="${FIT_HASH_ALG}"
 	conf_sign_algo="${FIT_SIGN_ALG}"
-	if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
+	if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
 		conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
 	fi
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 20/26] initramfs-framework:rootfs: fix wrong indentions
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (18 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 19/26] kernel-fitimage.bbclass: fix a wrong conditional check Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 21/26] unfs3: correct configure option Steve Sakoman
                   ` (5 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Ming Liu <liu.ming50@gmail.com>

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cd4d76f43c6ead9f32dece1faa9c9c5da895d9cd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/initrdscripts/initramfs-framework/rootfs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/rootfs b/meta/recipes-core/initrdscripts/initramfs-framework/rootfs
index 748c9391c0..1d8a0ae66d 100644
--- a/meta/recipes-core/initrdscripts/initramfs-framework/rootfs
+++ b/meta/recipes-core/initrdscripts/initramfs-framework/rootfs
@@ -67,8 +67,8 @@ rootfs_run() {
 					# It is unlikely to change, but keep trying anyway.
 					# Perhaps we pick a different device next time.
 					umount $ROOTFS_DIR
-					fi
 				fi
+			fi
 		fi
 		debug "Sleeping for $delay second(s) to wait root to settle..."
 		sleep $delay
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 21/26] unfs3: correct configure option
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (19 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 20/26] initramfs-framework:rootfs: fix wrong indentions Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 22/26] package_rpm: pass XZ_THREADS to rpm Steve Sakoman
                   ` (4 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Changqing Li <changqing.li@windriver.com>

On some new distro like ubuntu21.04, unfs3-native compile failed with
error: undefined reference to `xdr_uint32', since new distro has new
glibc.

>>From glibc 2.27 rpc support is dropped, so unfs3 need to link to
libtirpc.

Here is defination of ac_link:
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'

Depended library should be added into LIBS, not LDFLAGS, otherwise,
gcc may not load the lib since it is before conftest.$ac_ext during
configure. Finally, it results in compile failed.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 27867862c1fee6c0e649286500fa1ab015d57faf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/unfs3/unfs3_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/unfs3/unfs3_git.bb b/meta/recipes-devtools/unfs3/unfs3_git.bb
index 5a3c060ba9..b1882defa2 100644
--- a/meta/recipes-devtools/unfs3/unfs3_git.bb
+++ b/meta/recipes-devtools/unfs3/unfs3_git.bb
@@ -36,7 +36,7 @@ BBCLASSEXTEND = "native nativesdk"
 inherit autotools
 EXTRA_OECONF_append_class-native = " --sbindir=${bindir}"
 CFLAGS_append = " -I${STAGING_INCDIR}/tirpc"
-LDFLAGS_append = " -ltirpc"
+EXTRA_OECONF_append = " LIBS=-ltirpc"
 
 # Turn off these header detects else the inode search
 # will walk entire file systems and this is a real problem
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 22/26] package_rpm: pass XZ_THREADS to rpm
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (20 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 21/26] unfs3: correct configure option Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 23/26] image-live.bbclass: order do_bootimg after do_rootfs Steve Sakoman
                   ` (3 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Ross Burton <ross@burtonini.com>

By default RPM uses the number of cores as the number of threads to use,
which can result in quite antisocial memory usage.

As we control the macros for compression anyway, we can pass XZ_THREADS
to limit the number of threads if needed.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b9c983eb22a9b0771a0454216d1d7cbb5f3f8a16)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/package_rpm.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/package_rpm.bbclass b/meta/classes/package_rpm.bbclass
index 7de409197e..fc9007922a 100644
--- a/meta/classes/package_rpm.bbclass
+++ b/meta/classes/package_rpm.bbclass
@@ -678,8 +678,8 @@ python do_package_rpm () {
     cmd = cmd + " --define '_use_internal_dependency_generator 0'"
     cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'"
     cmd = cmd + " --define '_build_id_links none'"
-    cmd = cmd + " --define '_binary_payload w6T.xzdio'"
-    cmd = cmd + " --define '_source_payload w6T.xzdio'"
+    cmd = cmd + " --define '_binary_payload w6T%d.xzdio'" % int(d.getVar("XZ_THREADS"))
+    cmd = cmd + " --define '_source_payload w6T%d.xzdio'" % int(d.getVar("XZ_THREADS"))
     cmd = cmd + " --define 'clamp_mtime_to_source_date_epoch 1'"
     cmd = cmd + " --define 'use_source_date_epoch_as_buildtime 1'"
     cmd = cmd + " --define '_buildhost reproducible'"
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 23/26] image-live.bbclass: order do_bootimg after do_rootfs
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (21 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 22/26] package_rpm: pass XZ_THREADS to rpm Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 24/26] oeqa/runtime/rpm: Drop log message counting test component Steve Sakoman
                   ` (2 subsequent siblings)
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Guillaume Champagne <champagne.guillaume.c@gmail.com>

do_bootimg expects IMGDEPLOYDIR to exist, since it stores its artifacts
there. Therefore, do_bootimg should run after do_rootfs because
IMGDEPLOYDIR is created before do_rootfs runs since IMGDEPLOYDIR is
contained in do_rootfs' [cleandirs] varflag.

When do_bootimg depends on ${PN}:do_image_${LIVE_ROOTFS_TYPE},
do_bootimg is correctly ordered after do_rootfs because
do_image_${FSTYPE} tasks are added after do_image and do_image itself is
added after do_rootfs.

However, when do_bootimg doesn't depend on
${PN}:do_image_${LIVE_ROOTFS_TYPE}
(introduced by: 96f47c39f1d17f073243913d524bde84add41d8f), do_bootimg
can run before do_rootfs, thus before IMGDEPLOYDIR is created. To
avoid this situation, do_bootimg is now explicitly ordered after
do_rootfs.

Signed-off-by: Guillaume Champagne <champagne.guillaume.c@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 73c21db8e54002b300ba4972cb49c0577acc5406)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/image-live.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/image-live.bbclass b/meta/classes/image-live.bbclass
index e9eba1fc4b..2fa839b0de 100644
--- a/meta/classes/image-live.bbclass
+++ b/meta/classes/image-live.bbclass
@@ -261,4 +261,4 @@ python do_bootimg() {
 do_bootimg[subimages] = "hddimg iso"
 do_bootimg[imgsuffix] = "."
 
-addtask bootimg before do_image_complete
+addtask bootimg before do_image_complete after do_rootfs
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 24/26] oeqa/runtime/rpm: Drop log message counting test component
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (22 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 23/26] image-live.bbclass: order do_bootimg after do_rootfs Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 25/26] pkgconfig: update SRC_URI Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 26/26] linux-firmware: upgrade 20210315 -> 20210511 Steve Sakoman
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

This test is flawed since multiple parts of the system can write to the log
and we obtain different numbers of log messages depending on factors we
can't control.

Drop the log testing component of the test.

[YOCTO #12465]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2ad815dbafda0b90f5164f05d22dbbc26cb53f13)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/runtime/cases/rpm.py | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/meta/lib/oeqa/runtime/cases/rpm.py b/meta/lib/oeqa/runtime/cases/rpm.py
index 8e18b426f8..7a9d62c003 100644
--- a/meta/lib/oeqa/runtime/cases/rpm.py
+++ b/meta/lib/oeqa/runtime/cases/rpm.py
@@ -141,13 +141,4 @@ class RpmInstallRemoveTest(OERuntimeTestCase):
 
         self.tc.target.run('rm -f %s' % self.dst)
 
-        # if using systemd this should ensure all entries are flushed to /var
-        status, output = self.target.run("journalctl --sync")
-        # Get the amount of entries in the log file
-        status, output = self.target.run(check_log_cmd)
-        msg = 'Failed to get the final size of the log file.'
-        self.assertEqual(0, status, msg=msg)
 
-        # Check that there's enough of them
-        self.assertGreaterEqual(int(output), 80,
-                                   'Cound not find sufficient amount of rpm entries in /var/log/messages, found {} entries'.format(output))
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 25/26] pkgconfig: update SRC_URI
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (23 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 24/26] oeqa/runtime/rpm: Drop log message counting test component Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  2021-06-01 14:18 ` [OE-core][dunfell 26/26] linux-firmware: upgrade 20210315 -> 20210511 Steve Sakoman
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Changqing Li <changqing.li@windriver.com>

The git repo for pkg-config was changed, so update the
SRC_URI accordingly with the new link.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9fd1b9b8282d68213b187ab42fae27e6a3c95b2e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pkgconfig/pkgconfig_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pkgconfig/pkgconfig_git.bb b/meta/recipes-devtools/pkgconfig/pkgconfig_git.bb
index 52ef2a9779..7bf68082b2 100644
--- a/meta/recipes-devtools/pkgconfig/pkgconfig_git.bb
+++ b/meta/recipes-devtools/pkgconfig/pkgconfig_git.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 SRCREV = "edf8e6f0ea77ede073f07bff0d2ae1fc7a38103b"
 PV = "0.29.2+git${SRCPV}"
 
-SRC_URI = "git://anongit.freedesktop.org/pkg-config \
+SRC_URI = "git://gitlab.freedesktop.org/pkg-config/pkg-config.git;branch=master;protocol=https \
            file://pkg-config-esdk.in \
            file://pkg-config-native.in \
            file://fix-glib-configure-libtool-usage.patch \
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

* [OE-core][dunfell 26/26] linux-firmware: upgrade 20210315 -> 20210511
  2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
                   ` (24 preceding siblings ...)
  2021-06-01 14:18 ` [OE-core][dunfell 25/26] pkgconfig: update SRC_URI Steve Sakoman
@ 2021-06-01 14:18 ` Steve Sakoman
  25 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2021-06-01 14:18 UTC (permalink / raw)
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

There were additional links and new firmware versions added but these
were not under any additional licenses.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b0562c526817501a494a3674fed006ba40c8f164)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...{linux-firmware_20210315.bb => linux-firmware_20210511.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20210315.bb => linux-firmware_20210511.bb} (99%)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20210315.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20210315.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb
index 1e32d1c8b6..26091fba70 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20210315.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20210511.bb
@@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
                     file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
                     file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
-                    file://WHENCE;md5=e21a8cbddc1612bce56f06fe154a0743 \
+                    file://WHENCE;md5=727d0d4e2d420f41d89d098f6322e779 \
                     "
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -205,7 +205,7 @@ PE = "1"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "a2348f03492713dca9aef202496c6e58f5e63ee5bec6a7bdfcf8b18ce7155e70"
+SRC_URI[sha256sum] = "2aa6ae8b9808408f9811ac38f00c188e53e984a2b3990254f6c9c02c1ab13417"
 
 inherit allarch
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 27+ messages in thread

end of thread, other threads:[~2021-06-01 14:19 UTC | newest]

Thread overview: 27+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-01 14:17 [OE-core][dunfell 00/26] Patch review Steve Sakoman
2021-06-01 14:17 ` [OE-core][dunfell 01/26] cups: whitelist CVE-2021-25317 Steve Sakoman
2021-06-01 14:17 ` [OE-core][dunfell 02/26] tiff: Add fix for CVE-2020-35521 and CVE-2020-35522 Steve Sakoman
2021-06-01 14:17 ` [OE-core][dunfell 03/26] openssh: Add fixes for CVEs reported for openssh Steve Sakoman
2021-06-01 14:17 ` [OE-core][dunfell 04/26] expat: set CVE_PRODUCT Steve Sakoman
2021-06-01 14:17 ` [OE-core][dunfell 05/26] cve-extra-exclusions.inc: add exclusion list for intractable CVE's Steve Sakoman
2021-06-01 14:17 ` [OE-core][dunfell 06/26] cve-extra-exclusions: Fix typos Steve Sakoman
2021-06-01 14:17 ` [OE-core][dunfell 07/26] cve-extra-exclusions.inc: Clean up merged CPE updates Steve Sakoman
2021-06-01 14:17 ` [OE-core][dunfell 08/26] busybox: make busybox's syslog.cfg depend on VIRTUAL-RUNTIME_base-utils-syslog Steve Sakoman
2021-06-01 14:17 ` [OE-core][dunfell 09/26] kernel-yocto: provide debug / summary information for metadata Steve Sakoman
2021-06-01 14:17 ` [OE-core][dunfell 10/26] linux-yocto/5.4: update to v5.4.117 Steve Sakoman
2021-06-01 14:17 ` [OE-core][dunfell 11/26] linux-yocto/5.4: update to v5.4.118 Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 12/26] linux-yocto/5.4: update to v5.4.119 Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 13/26] libxml2: Reformat runtest.patch Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 14/26] libxml2: Add bash dependency for ptests Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 15/26] glibc: Add 8GB VM usage cap for usermode test suite Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 16/26] grub: Exclude CVE-2019-14865 from cve-check Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 17/26] sstate: Ignore sstate signing key Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 18/26] lib/oe/gpg_sign.py: Fix gpg verification Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 19/26] kernel-fitimage.bbclass: fix a wrong conditional check Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 20/26] initramfs-framework:rootfs: fix wrong indentions Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 21/26] unfs3: correct configure option Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 22/26] package_rpm: pass XZ_THREADS to rpm Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 23/26] image-live.bbclass: order do_bootimg after do_rootfs Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 24/26] oeqa/runtime/rpm: Drop log message counting test component Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 25/26] pkgconfig: update SRC_URI Steve Sakoman
2021-06-01 14:18 ` [OE-core][dunfell 26/26] linux-firmware: upgrade 20210315 -> 20210511 Steve Sakoman

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.