All of lore.kernel.org
 help / color / mirror / Atom feed
* [hardknott][PATCH 00/17] Patch review
@ 2022-01-27  5:09 Anuj Mittal
  2022-01-27  5:09 ` [hardknott][PATCH 01/17] tune-cortexa72: remove crypto for the default cortex-a72 Anuj Mittal
                   ` (16 more replies)
  0 siblings, 17 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:09 UTC (permalink / raw)
  To: openembedded-core

Next set of changes for hardknott. Please review. No problems seen while
testing on autobuilder except for an intermittent ptest failure in
lttng-tools.

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3160

Thanks,

Anuj

The following changes since commit 155c238d340fdc82420ba9f367cb23014c78b705:

  cve-check: add lockfile to task (2022-01-17 10:37:09 +0800)

are available in the Git repository at:

  git://push.openembedded.org/openembedded-core-contrib anujm/hardknott

Bruce Ashfield (4):
  linux-yocto/5.4: update to v5.4.169
  linux-yocto/5.4: update to v5.4.170
  linux-yocto/5.4: update to v5.4.171
  linux-yocto/5.4: update to v5.4.172

Changqing Li (1):
  pigz: fix one failure of command "unpigz -l"

Jagadeesh Krishnanjanappa (1):
  tune-cortexa72: remove crypto for the default cortex-a72

Kai Kang (1):
  speex: fix CVE-2020-23903

Kevin Hao (2):
  tune-cortexa72: Enable the crc extension by default for cortexa72
  tune-cortexa72: Drop the redundant cortexa72-crc tune

Mingli Yu (1):
  socat: update SRC_URI

Pgowda (2):
  binutils: upgrade binutils-2.36 to latest version
  gcc: upgrade to gcc-10.3 version

Ross Burton (1):
  lighttpd: backport a fix for CVE-2022-22707

Steve Sakoman (3):
  expat fix CVE-2022-22822 through CVE-2022-22827
  expat: fix CVE-2021-45960
  expat: fix CVE-2021-46143

pgowda (1):
  glibc: upgrade glibc-2.33 to latest version

 meta/conf/distro/include/maintainers.inc      |   2 +-
 meta/conf/machine/include/tune-cortexa72.inc  |  12 +-
 .../socat/socat_1.7.4.1.bb                    |   2 +-
 .../expat/expat/CVE-2021-45960.patch          |  65 ++
 .../expat/expat/CVE-2021-46143.patch          |  43 ++
 .../expat/expat/CVE-2022-22822-27.patch       | 257 +++++++
 meta/recipes-core/expat/expat_2.2.10.bb       |   3 +
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../glibc/glibc/0031-CVE-2021-43396.patch     | 182 -----
 meta/recipes-core/glibc/glibc_2.33.bb         |   1 -
 .../binutils/binutils-2.36.inc                |   5 +-
 .../binutils/0001-CVE-2021-20197.patch        | 201 ------
 .../binutils/0001-CVE-2021-42574.patch        |   4 +-
 .../binutils/0002-CVE-2021-20197.patch        | 170 -----
 .../binutils/0003-CVE-2021-20197.patch        | 171 -----
 .../gcc/{gcc-10.2.inc => gcc-10.3.inc}        |  12 +-
 ...ian_10.2.bb => gcc-cross-canadian_10.3.bb} |   0
 .../{gcc-cross_10.2.bb => gcc-cross_10.3.bb}  |   0
 ...-crosssdk_10.2.bb => gcc-crosssdk_10.3.bb} |   0
 ...cc-runtime_10.2.bb => gcc-runtime_10.3.bb} |   0
 ...itizers_10.2.bb => gcc-sanitizers_10.3.bb} |   0
 ...{gcc-source_10.2.bb => gcc-source_10.3.bb} |   0
 .../gcc/gcc/0001-CVE-2021-35465.patch         |  22 +-
 ...-up-__aarch64_cas16_acq_rel-fallback.patch |  66 --
 ...ight-Line-Speculation-SLS-mitigation.patch | 202 ------
 ...e-SLS-mitigation-for-RET-and-BR-inst.patch | 607 ----------------
 ...h64-Mitigate-SLS-for-BLR-instruction.patch | 658 ------------------
 ...gcc-Fix-argument-list-too-long-error.patch |   5 +-
 ...Re-introduce-spe-commandline-options.patch |   2 +-
 ...ngw32-Enable-operation_not_supported.patch |   4 +-
 .../gcc/0038-arm-neoverse-n2-support.patch    |  88 ---
 .../gcc/0039-arm64-neoverse-n2-support.patch  |  60 --
 .../gcc/{gcc_10.2.bb => gcc_10.3.bb}          |   0
 ...initial_10.2.bb => libgcc-initial_10.3.bb} |   0
 .../gcc/{libgcc_10.2.bb => libgcc_10.3.bb}    |   0
 ...ibgfortran_10.2.bb => libgfortran_10.3.bb} |   0
 ...ix-out-of-bounds-OOB-write-fixes-313.patch |  97 +++
 .../lighttpd/lighttpd_1.4.59.bb               |   1 +
 ...0001-Fix-bug-when-combining-l-with-d.patch |  50 ++
 meta/recipes-extended/pigz/pigz_2.6.bb        |   3 +-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 .../speex/speex/CVE-2020-23903.patch          |  30 +
 meta/recipes-multimedia/speex/speex_1.2.0.bb  |   4 +-
 45 files changed, 602 insertions(+), 2465 deletions(-)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2021-45960.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2021-46143.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-22822-27.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/0031-CVE-2021-43396.patch
 delete mode 100644 meta/recipes-devtools/binutils/binutils/0001-CVE-2021-20197.patch
 delete mode 100644 meta/recipes-devtools/binutils/binutils/0002-CVE-2021-20197.patch
 delete mode 100644 meta/recipes-devtools/binutils/binutils/0003-CVE-2021-20197.patch
 rename meta/recipes-devtools/gcc/{gcc-10.2.inc => gcc-10.3.inc} (90%)
 rename meta/recipes-devtools/gcc/{gcc-cross-canadian_10.2.bb => gcc-cross-canadian_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-cross_10.2.bb => gcc-cross_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-crosssdk_10.2.bb => gcc-crosssdk_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-runtime_10.2.bb => gcc-runtime_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-sanitizers_10.2.bb => gcc-sanitizers_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-source_10.2.bb => gcc-source_10.3.bb} (100%)
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0001-aarch64-Fix-up-__aarch64_cas16_acq_rel-fallback.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0038-arm-neoverse-n2-support.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0039-arm64-neoverse-n2-support.patch
 rename meta/recipes-devtools/gcc/{gcc_10.2.bb => gcc_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgcc-initial_10.2.bb => libgcc-initial_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgcc_10.2.bb => libgcc_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgfortran_10.2.bb => libgfortran_10.3.bb} (100%)
 create mode 100644 meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
 create mode 100644 meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch
 create mode 100644 meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch

-- 
2.34.1



^ permalink raw reply	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 01/17] tune-cortexa72: remove crypto for the default cortex-a72
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
@ 2022-01-27  5:09 ` Anuj Mittal
  2022-01-27  5:09 ` [hardknott][PATCH 02/17] tune-cortexa72: Enable the crc extension by default for cortexa72 Anuj Mittal
                   ` (15 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:09 UTC (permalink / raw)
  To: openembedded-core

From: Jagadeesh Krishnanjanappa <workjagadeesh@gmail.com>

The cryptographic unit is optional for the Cortex-A72, but it was
included by default previously.  This breaks building systems that
lack this functionality when using tune-cortexa72.inc.

To correct this, add a crypto entry in the tune file.  Since CRC is
optional for ARMv8.0, do the same thing while we're at it.

For platforms that had been happily using tune-cortexa72.inc, a slight
degradation of performance will occur using the default.  To correct
this, simply add:
DEFAULTTUNE = "cortexa72-crc-crypto"

(From OE-Core rev: 2568d537087adb0b592aa250bf628a7b48c3a9d3)

Signed-off-by: Jagadeesh Krishnanjanappa <workjagadeesh@gmail.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us> (rewording commit message)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Kevin: Convert to the old style override syntax]
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/conf/machine/include/tune-cortexa72.inc | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/meta/conf/machine/include/tune-cortexa72.inc b/meta/conf/machine/include/tune-cortexa72.inc
index b3f68ab6e3..7608a20c43 100644
--- a/meta/conf/machine/include/tune-cortexa72.inc
+++ b/meta/conf/machine/include/tune-cortexa72.inc
@@ -6,8 +6,16 @@ TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'cortexa72', ' -mcpu=corte
 require conf/machine/include/arm/arch-armv8a.inc
 
 # Little Endian base configs
-AVAILTUNES += "cortexa72"
+AVAILTUNES += "cortexa72 cortexa72-crc cortexa72-crc-crypto"
 ARMPKGARCH_tune-cortexa72             = "cortexa72"
-TUNE_FEATURES_tune-cortexa72          = "${TUNE_FEATURES_tune-armv8a-crc-crypto} cortexa72"
-PACKAGE_EXTRA_ARCHS_tune-cortexa72    = "${PACKAGE_EXTRA_ARCHS_tune-armv8a-crc-crypto} cortexa72"
-BASE_LIB_tune-cortexa72               = "lib64"
+ARMPKGARCH_tune-cortexa72-crc         = "cortexa72"
+ARMPKGARCH_tune-cortexa72-crc-crypto  = "cortexa72"
+TUNE_FEATURES_tune-cortexa72          = "${TUNE_FEATURES_tune-armv8a} cortexa72"
+TUNE_FEATURES_tune-cortexa72-crc      = "${TUNE_FEATURES_tune-cortexa72} crc"
+TUNE_FEATURES_tune-cortexa72-crc-crypto   = "${TUNE_FEATURES_tune-cortexa72} crc crypto"
+PACKAGE_EXTRA_ARCHS_tune-cortexa72        = "${PACKAGE_EXTRA_ARCHS_tune-armv8} cortexa72"
+PACKAGE_EXTRA_ARCHS_tune-cortexa72-crc    = "${PACKAGE_EXTRA_ARCHS_tune-armv8a-crc} cortexa72 cortexa72-crc"
+PACKAGE_EXTRA_ARCHS_tune-cortexa72-crc-crypto    = "${PACKAGE_EXTRA_ARCHS_tune-armv8a-crc-crypto} cortexa72 cortexa72-crc cortexa72-crc-crypto"
+BASE_LIB_tune-cortexa72            = "lib64"
+BASE_LIB_tune-cortexa72-crc        = "lib64"
+BASE_LIB_tune-cortexa72-crc-crypto = "lib64"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 02/17] tune-cortexa72: Enable the crc extension by default for cortexa72
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
  2022-01-27  5:09 ` [hardknott][PATCH 01/17] tune-cortexa72: remove crypto for the default cortex-a72 Anuj Mittal
@ 2022-01-27  5:09 ` Anuj Mittal
  2022-01-27  5:09 ` [hardknott][PATCH 03/17] tune-cortexa72: Drop the redundant cortexa72-crc tune Anuj Mittal
                   ` (14 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:09 UTC (permalink / raw)
  To: openembedded-core

From: Kevin Hao <kexin.hao@windriver.com>

The crc extension is optional for the ARMv8.0 but is mandatory for the
cortexa72, so there is no reason not to enable it for the cortexa72
tune. With this change, the cortexa72-crc seems redundant. But we
had better to keep it to be compatible with the BSP which already used
that tune.

(From OE-Core rev: ca50267ab568d2f688844cb7c6cd867ed34168db)

Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Kevin: Convert to the old style override syntax]
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/conf/machine/include/tune-cortexa72.inc | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/meta/conf/machine/include/tune-cortexa72.inc b/meta/conf/machine/include/tune-cortexa72.inc
index 7608a20c43..30480efd83 100644
--- a/meta/conf/machine/include/tune-cortexa72.inc
+++ b/meta/conf/machine/include/tune-cortexa72.inc
@@ -10,12 +10,12 @@ AVAILTUNES += "cortexa72 cortexa72-crc cortexa72-crc-crypto"
 ARMPKGARCH_tune-cortexa72             = "cortexa72"
 ARMPKGARCH_tune-cortexa72-crc         = "cortexa72"
 ARMPKGARCH_tune-cortexa72-crc-crypto  = "cortexa72"
-TUNE_FEATURES_tune-cortexa72          = "${TUNE_FEATURES_tune-armv8a} cortexa72"
-TUNE_FEATURES_tune-cortexa72-crc      = "${TUNE_FEATURES_tune-cortexa72} crc"
-TUNE_FEATURES_tune-cortexa72-crc-crypto   = "${TUNE_FEATURES_tune-cortexa72} crc crypto"
-PACKAGE_EXTRA_ARCHS_tune-cortexa72        = "${PACKAGE_EXTRA_ARCHS_tune-armv8} cortexa72"
-PACKAGE_EXTRA_ARCHS_tune-cortexa72-crc    = "${PACKAGE_EXTRA_ARCHS_tune-armv8a-crc} cortexa72 cortexa72-crc"
-PACKAGE_EXTRA_ARCHS_tune-cortexa72-crc-crypto    = "${PACKAGE_EXTRA_ARCHS_tune-armv8a-crc-crypto} cortexa72 cortexa72-crc cortexa72-crc-crypto"
+TUNE_FEATURES_tune-cortexa72          = "${TUNE_FEATURES_tune-armv8a-crc} cortexa72"
+TUNE_FEATURES_tune-cortexa72-crc      = "${TUNE_FEATURES_tune-cortexa72}"
+TUNE_FEATURES_tune-cortexa72-crc-crypto   = "${TUNE_FEATURES_tune-cortexa72} crypto"
+PACKAGE_EXTRA_ARCHS_tune-cortexa72        = "${PACKAGE_EXTRA_ARCHS_tune-armv8-crc} cortexa72"
+PACKAGE_EXTRA_ARCHS_tune-cortexa72-crc    = "${PACKAGE_EXTRA_ARCHS_tune-armv8a-crc} cortexa72"
+PACKAGE_EXTRA_ARCHS_tune-cortexa72-crc-crypto    = "${PACKAGE_EXTRA_ARCHS_tune-armv8a-crc-crypto} cortexa72 cortexa72-crc-crypto"
 BASE_LIB_tune-cortexa72            = "lib64"
 BASE_LIB_tune-cortexa72-crc        = "lib64"
 BASE_LIB_tune-cortexa72-crc-crypto = "lib64"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 03/17] tune-cortexa72: Drop the redundant cortexa72-crc tune
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
  2022-01-27  5:09 ` [hardknott][PATCH 01/17] tune-cortexa72: remove crypto for the default cortex-a72 Anuj Mittal
  2022-01-27  5:09 ` [hardknott][PATCH 02/17] tune-cortexa72: Enable the crc extension by default for cortexa72 Anuj Mittal
@ 2022-01-27  5:09 ` Anuj Mittal
  2022-01-27  5:09 ` [hardknott][PATCH 04/17] socat: update SRC_URI Anuj Mittal
                   ` (13 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:09 UTC (permalink / raw)
  To: openembedded-core

From: Kevin Hao <kexin.hao@windriver.com>

We have enabled the crc extension by default for cortexa72 in patch
("tune-cortexa72: Enable the crc extension by default for cortexa72"),
then the cortexa72-crc seems redundant. So drop it. We also rename the
cortexa72-crc-crypto to cortexa72-crypto. With these changes, it will
break the BSPs which used these two tunes, but it should be easy to fix.

(From OE-Core rev: 03cebdd7ef923a8ac5c8b7c12c7cefe7ca0158db)

Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Kevin: Convert to the old style override syntax]
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/conf/machine/include/tune-cortexa72.inc | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/meta/conf/machine/include/tune-cortexa72.inc b/meta/conf/machine/include/tune-cortexa72.inc
index 30480efd83..efb71ee0a1 100644
--- a/meta/conf/machine/include/tune-cortexa72.inc
+++ b/meta/conf/machine/include/tune-cortexa72.inc
@@ -6,16 +6,12 @@ TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'cortexa72', ' -mcpu=corte
 require conf/machine/include/arm/arch-armv8a.inc
 
 # Little Endian base configs
-AVAILTUNES += "cortexa72 cortexa72-crc cortexa72-crc-crypto"
+AVAILTUNES += "cortexa72 cortexa72-crypto"
 ARMPKGARCH_tune-cortexa72             = "cortexa72"
-ARMPKGARCH_tune-cortexa72-crc         = "cortexa72"
-ARMPKGARCH_tune-cortexa72-crc-crypto  = "cortexa72"
+ARMPKGARCH_tune-cortexa72-crypto      = "cortexa72"
 TUNE_FEATURES_tune-cortexa72          = "${TUNE_FEATURES_tune-armv8a-crc} cortexa72"
-TUNE_FEATURES_tune-cortexa72-crc      = "${TUNE_FEATURES_tune-cortexa72}"
-TUNE_FEATURES_tune-cortexa72-crc-crypto   = "${TUNE_FEATURES_tune-cortexa72} crypto"
+TUNE_FEATURES_tune-cortexa72-crypto   = "${TUNE_FEATURES_tune-cortexa72} crypto"
 PACKAGE_EXTRA_ARCHS_tune-cortexa72        = "${PACKAGE_EXTRA_ARCHS_tune-armv8-crc} cortexa72"
-PACKAGE_EXTRA_ARCHS_tune-cortexa72-crc    = "${PACKAGE_EXTRA_ARCHS_tune-armv8a-crc} cortexa72"
-PACKAGE_EXTRA_ARCHS_tune-cortexa72-crc-crypto    = "${PACKAGE_EXTRA_ARCHS_tune-armv8a-crc-crypto} cortexa72 cortexa72-crc-crypto"
+PACKAGE_EXTRA_ARCHS_tune-cortexa72-crypto = "${PACKAGE_EXTRA_ARCHS_tune-armv8a-crc-crypto} cortexa72 cortexa72-crypto"
 BASE_LIB_tune-cortexa72            = "lib64"
-BASE_LIB_tune-cortexa72-crc        = "lib64"
-BASE_LIB_tune-cortexa72-crc-crypto = "lib64"
+BASE_LIB_tune-cortexa72-crypto     = "lib64"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 04/17] socat: update SRC_URI
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (2 preceding siblings ...)
  2022-01-27  5:09 ` [hardknott][PATCH 03/17] tune-cortexa72: Drop the redundant cortexa72-crc tune Anuj Mittal
@ 2022-01-27  5:09 ` Anuj Mittal
  2022-01-27  5:09 ` [hardknott][PATCH 05/17] pigz: fix one failure of command "unpigz -l" Anuj Mittal
                   ` (12 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:09 UTC (permalink / raw)
  To: openembedded-core

From: Mingli Yu <mingli.yu@windriver.com>

The orginal one is unaccessible now.

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-connectivity/socat/socat_1.7.4.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/socat/socat_1.7.4.1.bb b/meta/recipes-connectivity/socat/socat_1.7.4.1.bb
index 5a13af91bc..0a1b65a8ca 100644
--- a/meta/recipes-connectivity/socat/socat_1.7.4.1.bb
+++ b/meta/recipes-connectivity/socat/socat_1.7.4.1.bb
@@ -9,7 +9,7 @@ LICENSE = "GPL-2.0-with-OpenSSL-exception"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86"
 
-SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
+SRC_URI = "http://www.dest-unreach.org/socat/download/Archive/socat-${PV}.tar.bz2 \
 "
 
 SRC_URI[md5sum] = "36cad050ecf4981ab044c3fbd75c643f"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 05/17] pigz: fix one failure of command "unpigz -l"
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (3 preceding siblings ...)
  2022-01-27  5:09 ` [hardknott][PATCH 04/17] socat: update SRC_URI Anuj Mittal
@ 2022-01-27  5:09 ` Anuj Mittal
  2022-01-27  5:09 ` [hardknott][PATCH 06/17] binutils: upgrade binutils-2.36 to latest version Anuj Mittal
                   ` (11 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:09 UTC (permalink / raw)
  To: openembedded-core

From: Changqing Li <changqing.li@windriver.com>

Refer [1], "unpigz -l" failed with error:
$ ./unpigz -l test.txt.gz
compressed original reduced name
228799 209715200 99.9% test.txt
unpigz: can't destroy locked resource (pigz.c:2622:mutex_destroy)
unpigz: abort: internal threads error

or

$ ./unpigz -l test.txt.gz
unpigz: skipping: test.txt.gz unrecognized format
unpigz: can't destroy locked resource (pigz.c:2622:mutex_destroy)
unpigz: abort: internal threads error

[1] https://github.com/madler/pigz/issues/96

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 ...0001-Fix-bug-when-combining-l-with-d.patch | 50 +++++++++++++++++++
 meta/recipes-extended/pigz/pigz_2.6.bb        |  3 +-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch

diff --git a/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch b/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch
new file mode 100644
index 0000000000..9c301f2054
--- /dev/null
+++ b/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch
@@ -0,0 +1,50 @@
+From 65986f3d12d434b9bc428ceb6fcb1f6eeeb2c47d Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 17 Jan 2022 15:36:56 +0800
+Subject: [PATCH] Fix bug when combining -l with -d.
+
+Though it makes no sense to do pigz -ld, that is implicit when
+doing unpigz -l. This commit fixes a bug for that combination.
+
+Upstream-Status: Backport [https://github.com/madler/pigz/commit/326bba44aa102c707dd6ebcd2fc3f413b3119db0]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ pigz.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/pigz.c b/pigz.c
+index f90157f..d648216 100644
+--- a/pigz.c
++++ b/pigz.c
+@@ -4007,6 +4007,13 @@ local void process(char *path) {
+     }
+     SET_BINARY_MODE(g.ind);
+ 
++    // if requested, just list information about the input file
++    if (g.list && g.decode != 2) {
++        list_info();
++        load_end();
++        return;
++    }
++
+     // if decoding or testing, try to read gzip header
+     if (g.decode) {
+         in_init();
+@@ -4048,13 +4055,6 @@ local void process(char *path) {
+         }
+     }
+ 
+-    // if requested, just list information about input file
+-    if (g.list) {
+-        list_info();
+-        load_end();
+-        return;
+-    }
+-
+     // create output file out, descriptor outd
+     if (path == NULL || g.pipeout) {
+         // write to stdout
+-- 
+2.17.1
+
diff --git a/meta/recipes-extended/pigz/pigz_2.6.bb b/meta/recipes-extended/pigz/pigz_2.6.bb
index 05be9b733f..5c0aab55a7 100644
--- a/meta/recipes-extended/pigz/pigz_2.6.bb
+++ b/meta/recipes-extended/pigz/pigz_2.6.bb
@@ -8,7 +8,8 @@ SECTION = "console/utils"
 LICENSE = "Zlib & Apache-2.0"
 LIC_FILES_CHKSUM = "file://pigz.c;md5=9ae6dee8ceba9610596ed0ada493d142;beginline=7;endline=21"
 
-SRC_URI = "http://zlib.net/${BPN}/fossils/${BP}.tar.gz"
+SRC_URI = "http://zlib.net/${BPN}/fossils/${BP}.tar.gz \
+           file://0001-Fix-bug-when-combining-l-with-d.patch"
 SRC_URI[sha256sum] = "2eed7b0d7449d1d70903f2a62cd6005d262eb3a8c9e98687bc8cbb5809db2a7d"
 PROVIDES_class-native += "gzip-native"
 
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 06/17] binutils: upgrade binutils-2.36 to latest version
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (4 preceding siblings ...)
  2022-01-27  5:09 ` [hardknott][PATCH 05/17] pigz: fix one failure of command "unpigz -l" Anuj Mittal
@ 2022-01-27  5:09 ` Anuj Mittal
  2022-01-27  5:10 ` [hardknott][PATCH 07/17] gcc: upgrade to gcc-10.3 version Anuj Mittal
                   ` (10 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:09 UTC (permalink / raw)
  To: openembedded-core

From: Pgowda <pgowda.cve@gmail.com>

binutils-2.36 in Hardknott branch has been upgraded to latest version
that includes many bug fixes.
Regression tested on X86-64, Arm and Aarch64 without any new issues.

Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../binutils/binutils-2.36.inc                |   5 +-
 .../binutils/0001-CVE-2021-20197.patch        | 201 ------------------
 .../binutils/0001-CVE-2021-42574.patch        |   4 +-
 .../binutils/0002-CVE-2021-20197.patch        | 170 ---------------
 .../binutils/0003-CVE-2021-20197.patch        | 171 ---------------
 5 files changed, 3 insertions(+), 548 deletions(-)
 delete mode 100644 meta/recipes-devtools/binutils/binutils/0001-CVE-2021-20197.patch
 delete mode 100644 meta/recipes-devtools/binutils/binutils/0002-CVE-2021-20197.patch
 delete mode 100644 meta/recipes-devtools/binutils/binutils/0003-CVE-2021-20197.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.36.inc b/meta/recipes-devtools/binutils/binutils-2.36.inc
index 9574ddb6e1..fa28358c2d 100644
--- a/meta/recipes-devtools/binutils/binutils-2.36.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.36.inc
@@ -24,7 +24,7 @@ BRANCH ?= "binutils-2_36-branch"
 
 UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
 
-SRCREV ?= "7651a4871c225925ffdfda0a8c91a6ed370cd9a1"
+SRCREV ?= "a281816c8aeb12619d34eec8959a43dfa5c6b4ec"
 BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${BRANCH};protocol=git"
 SRC_URI = "\
      ${BINUTILS_GIT_URI} \
@@ -41,9 +41,6 @@ SRC_URI = "\
      file://0014-Fix-rpath-in-libtool-when-sysroot-is-enabled.patch \
      file://0015-sync-with-OE-libtool-changes.patch \
      file://0016-Check-for-clang-before-checking-gcc-version.patch \
-     file://0001-CVE-2021-20197.patch \
-     file://0002-CVE-2021-20197.patch \
-     file://0003-CVE-2021-20197.patch \
      file://0017-CVE-2021-3530.patch \
      file://0018-CVE-2021-3530.patch \
      file://0001-CVE-2021-42574.patch \
diff --git a/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-20197.patch b/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-20197.patch
deleted file mode 100644
index 2b4eaba26d..0000000000
--- a/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-20197.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-From 8e03235147a9e774d3ba084e93c2da1aa94d1cec Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@gotplt.org>
-Date: Mon, 22 Feb 2021 20:45:50 +0530
-Subject: [PATCH] binutils: Avoid renaming over existing files
-
-Renaming over existing files needs additional care to restore
-permissions and ownership, which may not always succeed.
-Additionally, other properties of the file such as extended attributes
-may be lost, making the operation flaky.
-
-For predictable results, resort to rename() only if the file does not
-exist, otherwise copy the file contents into the existing file.  This
-ensures that no additional tricks are needed to retain file
-properties.
-
-This also allows dropping of the redundant set_times on the tmpfile in
-objcopy/strip since now we no longer rename over existing files.
-
-binutils/
-
-	* ar.c (write_archive): Adjust call to SMART_RENAME.
-	* arsup.c (ar_save): Likewise.
-	* objcopy (strip_main): Don't set times on temporary file and
-	adjust call to SMART_RENAME.
-	(copy_main): Likewise.
-	* rename.c [!S_ISLNK]: Remove definitions.
-	(try_preserve_permissions): Remove function.
-	(smart_rename): Replace PRESERVE_DATES argument with
-	TARGET_STAT.  Use rename system call only if TO does not exist.
-	* bucomm.h (smart_rename): Adjust declaration.
-
-(cherry picked from commit 3685de750e6a091663a0abe42528cad29e960e35)
-
-Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8e03235147a9e774d3ba084e93c2da1aa94d1cec]
-CVE: CVE-2021-20197
-Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
----
- binutils/ar.c      |  2 +-
- binutils/arsup.c   |  2 +-
- binutils/bucomm.h  |  3 ++-
- binutils/objcopy.c |  8 ++-----
- binutils/rename.c  | 55 +++++++++-------------------------------------
- 6 files changed, 29 insertions(+), 54 deletions(-)
-
-diff --git a/binutils/ar.c b/binutils/ar.c
-index 45a34e3a6cf..3a91708b51c 100644
---- a/binutils/ar.c
-+++ b/binutils/ar.c
-@@ -1308,7 +1308,7 @@ write_archive (bfd *iarch)
-   /* We don't care if this fails; we might be creating the archive.  */
-   bfd_close (iarch);
- 
--  if (smart_rename (new_name, old_name, 0) != 0)
-+  if (smart_rename (new_name, old_name, NULL) != 0)
-     xexit (1);
-   free (old_name);
-   free (new_name);
-diff --git a/binutils/arsup.c b/binutils/arsup.c
-index 5403a0c5d74..0a1f63f6456 100644
---- a/binutils/arsup.c
-+++ b/binutils/arsup.c
-@@ -351,7 +351,7 @@ ar_save (void)
- 
-       bfd_close (obfd);
- 
--      smart_rename (ofilename, real_name, 0);
-+      smart_rename (ofilename, real_name, NULL);
-       obfd = 0;
-       free (ofilename);
-     }
-diff --git a/binutils/bucomm.h b/binutils/bucomm.h
-index 91f6a5b228f..aa7e33d8cd1 100644
---- a/binutils/bucomm.h
-+++ b/binutils/bucomm.h
-@@ -71,7 +71,8 @@ extern void print_version (const char *);
- /* In rename.c.  */
- extern void set_times (const char *, const struct stat *);
- 
--extern int smart_rename (const char *, const char *, int);
-+extern int smart_rename (const char *, const char *, struct stat *);
-+
- 
- /* In libiberty.  */
- void *xmalloc (size_t);
-diff --git a/binutils/objcopy.c b/binutils/objcopy.c
-index eab3b6db585..07a872b5a80 100644
---- a/binutils/objcopy.c
-+++ b/binutils/objcopy.c
-@@ -4861,12 +4861,10 @@ strip_main (int argc, char *argv[])
- 		 output_target, NULL);
-       if (status == 0)
- 	{
--	  if (preserve_dates)
--	    set_times (tmpname, &statbuf);
- 	  if (output_file != tmpname)
- 	    status = (smart_rename (tmpname,
- 				    output_file ? output_file : argv[i],
--				    preserve_dates) != 0);
-+				    preserve_dates ? &statbuf : NULL) != 0);
- 	  if (status == 0)
- 	    status = hold_status;
- 	}
-@@ -5931,11 +5929,9 @@ copy_main (int argc, char *argv[])
- 	     output_target, input_arch);
-   if (status == 0)
-     {
--      if (preserve_dates)
--	set_times (tmpname, &statbuf);
-       if (tmpname != output_filename)
- 	status = (smart_rename (tmpname, input_filename,
--				preserve_dates) != 0);
-+				preserve_dates ? &statbuf : NULL) != 0);
-     }
-   else
-     unlink_if_ordinary (tmpname);
-diff --git a/binutils/rename.c b/binutils/rename.c
-index 65ad5bf52c4..f471b45fd3f 100644
---- a/binutils/rename.c
-+++ b/binutils/rename.c
-@@ -122,20 +122,13 @@ set_times (const char *destination, const struct stat *statbuf)
-     non_fatal (_("%s: cannot set time: %s"), destination, strerror (errno));
- }
- 
--#ifndef S_ISLNK
--#ifdef S_IFLNK
--#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
--#else
--#define S_ISLNK(m) 0
--#define lstat stat
--#endif
--#endif
--
--/* Rename FROM to TO, copying if TO is a link.
--   Return 0 if ok, -1 if error.  */
-+/* Rename FROM to TO, copying if TO exists.  TARGET_STAT has the file status
-+   that, if non-NULL, is used to fix up timestamps after rename.  Return 0 if
-+   ok, -1 if error.  */
- 
- int
--smart_rename (const char *from, const char *to, int preserve_dates ATTRIBUTE_UNUSED)
-+smart_rename (const char *from, const char *to,
-+	      struct stat *target_stat ATTRIBUTE_UNUSED)
- {
-   bfd_boolean exists;
-   struct stat s;
-@@ -158,38 +151,10 @@ smart_rename (const char *from, const char *to, int preserve_dates ATTRIBUTE_UNU
-       unlink (from);
-     }
- #else
--  /* Use rename only if TO is not a symbolic link and has
--     only one hard link, and we have permission to write to it.  */
--  if (! exists
--      || (!S_ISLNK (s.st_mode)
--	  && S_ISREG (s.st_mode)
--	  && (s.st_mode & S_IWUSR)
--	  && s.st_nlink == 1)
--      )
-+  /* Avoid a full copy and use rename if TO does not exist.  */
-+  if (!exists)
-     {
--      ret = rename (from, to);
--      if (ret == 0)
--	{
--	  if (exists)
--	    {
--	      /* Try to preserve the permission bits and ownership of
--		 TO.  First get the mode right except for the setuid
--		 bit.  Then change the ownership.  Then fix the setuid
--		 bit.  We do the chmod before the chown because if the
--		 chown succeeds, and we are a normal user, we won't be
--		 able to do the chmod afterward.  We don't bother to
--		 fix the setuid bit first because that might introduce
--		 a fleeting security problem, and because the chown
--		 will clear the setuid bit anyhow.  We only fix the
--		 setuid bit if the chown succeeds, because we don't
--		 want to introduce an unexpected setuid file owned by
--		 the user running objcopy.  */
--	      chmod (to, s.st_mode & 0777);
--	      if (chown (to, s.st_uid, s.st_gid) >= 0)
--		chmod (to, s.st_mode & 07777);
--	    }
--	}
--      else
-+      if ((ret = rename (from, to)) != 0)
- 	{
- 	  /* We have to clean up here.  */
- 	  non_fatal (_("unable to rename '%s'; reason: %s"), to, strerror (errno));
-@@ -202,8 +167,8 @@ smart_rename (const char *from, const char *to, int preserve_dates ATTRIBUTE_UNU
-       if (ret != 0)
- 	non_fatal (_("unable to copy file '%s'; reason: %s"), to, strerror (errno));
- 
--      if (preserve_dates)
--	set_times (to, &s);
-+      if (target_stat != NULL)
-+	set_times (to, target_stat);
-       unlink (from);
-     }
- #endif /* _WIN32 && !__CYGWIN32__ */
--- 
-2.31.1
-
diff --git a/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch b/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch
index c93fd770b3..6adc438b5c 100644
--- a/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch
+++ b/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch
@@ -50,9 +50,9 @@ diff --git a/binutils/ChangeLog b/binutils/ChangeLog
 +	* testsuite/binutils-all/objdump.highlight.unicode
 +	* testsuite/binutils-all/readelf.invalid.unicode
 +
- 2021-02-09  Alan Modra  <amodra@gmail.com>
+ 2021-04-15  Alan Modra  <amodra@gmail.com>
  
- 	PR 27382
+ 	PR 27456
 diff --git a/binutils/doc/binutils.texi b/binutils/doc/binutils.texi
 --- a/binutils/doc/binutils.texi	2021-12-23 03:23:38.441843395 -0800
 +++ b/binutils/doc/binutils.texi	2021-12-23 03:30:31.094968942 -0800
diff --git a/meta/recipes-devtools/binutils/binutils/0002-CVE-2021-20197.patch b/meta/recipes-devtools/binutils/binutils/0002-CVE-2021-20197.patch
deleted file mode 100644
index 3771f571eb..0000000000
--- a/meta/recipes-devtools/binutils/binutils/0002-CVE-2021-20197.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-From d3edaa91d4cf7202ec14342410194841e2f67f12 Mon Sep 17 00:00:00 2001
-From: Alan Modra <amodra@gmail.com>
-Date: Fri, 26 Feb 2021 11:30:32 +1030
-Subject: [PATCH] Reinstate various pieces backed out from smart_rename changes
-
-In the interests of a stable release various last minute smart_rename
-patches were backed out of the 2.36 branch.  The main reason to
-reinstate some of those backed out changes here is to make necessary
-followup fixes to commit 8e03235147a9 simple cherry-picks from
-mainline.  A secondary reason is that ar -M support isn't fixed for
-pr26945 without this patch.
-
-	PR 26945
-	* ar.c: Don't include libbfd.h.
-	(write_archive): Replace xmalloc+strcpy with xstrdup.
-	* arsup.c (temp_name, real_ofd): New static variables.
-	(ar_open): Use make_tempname and bfd_fdopenw.
-	(ar_save): Adjust to suit ar_open changes.
-	* objcopy.c: Don't include libbfd.h.
-	* rename.c: Rename and reorder variables.
-
-(cherry picked from commit 95b91a043aeaeb546d2fea556d84a2de1e917770)
-
-Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d3edaa91d4cf7202ec14342410194841e2f67f12]
-CVE: CVE-2021-20197
-Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
----
- binutils/ar.c      |  4 +---
- binutils/arsup.c   | 37 +++++++++++++++++++++++++------------
- binutils/objcopy.c |  1 -
- binutils/rename.c  |  6 +++---
- 5 files changed, 42 insertions(+), 19 deletions(-)
-
-diff --git a/binutils/ar.c b/binutils/ar.c
-index 3a91708b51c..44df48c5c67 100644
---- a/binutils/ar.c
-+++ b/binutils/ar.c
-@@ -25,7 +25,6 @@
- 
- #include "sysdep.h"
- #include "bfd.h"
--#include "libbfd.h"
- #include "libiberty.h"
- #include "progress.h"
- #include "getopt.h"
-@@ -1255,8 +1254,7 @@ write_archive (bfd *iarch)
-   bfd *contents_head = iarch->archive_next;
-   int ofd = -1;
- 
--  old_name = (char *) xmalloc (strlen (bfd_get_filename (iarch)) + 1);
--  strcpy (old_name, bfd_get_filename (iarch));
-+  old_name = xstrdup (bfd_get_filename (iarch));
-   new_name = make_tempname (old_name, &ofd);
- 
-   if (new_name == NULL)
-diff --git a/binutils/arsup.c b/binutils/arsup.c
-index 0a1f63f6456..f7ce8f0bc82 100644
---- a/binutils/arsup.c
-+++ b/binutils/arsup.c
-@@ -42,6 +42,8 @@ extern int deterministic;
- 
- static bfd *obfd;
- static char *real_name;
-+static char *temp_name;
-+static int real_ofd;
- static FILE *outfile;
- 
- static void
-@@ -149,27 +151,24 @@ maybequit (void)
- void
- ar_open (char *name, int t)
- {
--  char *tname;
--  const char *bname = lbasename (name);
--  real_name = name;
-+  real_name = xstrdup (name);
-+  temp_name = make_tempname (real_name, &real_ofd);
- 
--  /* Prepend tmp- to the beginning, to avoid file-name clashes after
--     truncation on filesystems with limited namespaces (DOS).  */
--  if (asprintf (&tname, "%.*stmp-%s", (int) (bname - name), name, bname) == -1)
-+  if (temp_name == NULL)
-     {
--      fprintf (stderr, _("%s: Can't allocate memory for temp name (%s)\n"),
-+      fprintf (stderr, _("%s: Can't open temporary file (%s)\n"),
- 	       program_name, strerror(errno));
-       maybequit ();
-       return;
-     }
- 
--  obfd = bfd_openw (tname, NULL);
-+  obfd = bfd_fdopenw (temp_name, NULL, real_ofd);
- 
-   if (!obfd)
-     {
-       fprintf (stderr,
- 	       _("%s: Can't open output archive %s\n"),
--	       program_name,  tname);
-+	       program_name, temp_name);
- 
-       maybequit ();
-     }
-@@ -344,16 +343,30 @@ ar_save (void)
-     }
-   else
-     {
--      char *ofilename = xstrdup (bfd_get_filename (obfd));
-+      struct stat target_stat;
- 
-       if (deterministic > 0)
-         obfd->flags |= BFD_DETERMINISTIC_OUTPUT;
- 
-       bfd_close (obfd);
- 
--      smart_rename (ofilename, real_name, NULL);
-+      if (stat (real_name, &target_stat) != 0)
-+	{
-+	  /* The temp file created in ar_open has mode 0600 as per mkstemp.
-+	     Create the real empty output file here so smart_rename will
-+	     update the mode according to the process umask.  */
-+	  obfd = bfd_openw (real_name, NULL);
-+	  if (obfd != NULL)
-+	    {
-+	      bfd_set_format (obfd, bfd_archive);
-+	      bfd_close (obfd);
-+	    }
-+	}
-+
-+      smart_rename (temp_name, real_name, NULL);
-       obfd = 0;
--      free (ofilename);
-+      free (temp_name);
-+      free (real_name);
-     }
- }
- 
-diff --git a/binutils/objcopy.c b/binutils/objcopy.c
-index 07a872b5a80..73aa8bc2514 100644
---- a/binutils/objcopy.c
-+++ b/binutils/objcopy.c
-@@ -20,7 +20,6 @@
- \f
- #include "sysdep.h"
- #include "bfd.h"
--#include "libbfd.h"
- #include "progress.h"
- #include "getopt.h"
- #include "libiberty.h"
-diff --git a/binutils/rename.c b/binutils/rename.c
-index f471b45fd3f..2ff092ee22b 100644
---- a/binutils/rename.c
-+++ b/binutils/rename.c
-@@ -130,11 +130,11 @@ int
- smart_rename (const char *from, const char *to,
- 	      struct stat *target_stat ATTRIBUTE_UNUSED)
- {
--  bfd_boolean exists;
--  struct stat s;
-   int ret = 0;
-+  struct stat to_stat;
-+  bfd_boolean exists;
- 
--  exists = lstat (to, &s) == 0;
-+  exists = lstat (to, &to_stat) == 0;
- 
- #if defined (_WIN32) && !defined (__CYGWIN32__)
-   /* Win32, unlike unix, will not erase `to' in `rename(from, to)' but
--- 
-2.31.1
-
diff --git a/meta/recipes-devtools/binutils/binutils/0003-CVE-2021-20197.patch b/meta/recipes-devtools/binutils/binutils/0003-CVE-2021-20197.patch
deleted file mode 100644
index 082b28b29c..0000000000
--- a/meta/recipes-devtools/binutils/binutils/0003-CVE-2021-20197.patch
+++ /dev/null
@@ -1,171 +0,0 @@
-From 8b69e61d4be276bb862698aaafddc3e779d23c8f Mon Sep 17 00:00:00 2001
-From: Alan Modra <amodra@gmail.com>
-Date: Tue, 23 Feb 2021 09:37:39 +1030
-Subject: [PATCH] PR27456, lstat in rename.c on MinGW
-
-	PR 27456
-	* rename.c: Tidy throughout.
-	(smart_rename): Always copy.  Remove windows specific code.
-
-(cherry picked from commit cca8873dd5a6015d5557ea44bc1ea9c252435a29)
-
-Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8b69e61d4be276bb862698aaafddc3e779d23c8f]
-CVE: CVE-2021-20197
-Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
----
- binutils/rename.c  | 111 ++++++++++++++-------------------------------
- 2 files changed, 40 insertions(+), 76 deletions(-)
-
-diff --git a/binutils/rename.c b/binutils/rename.c
-index 2ff092ee22b..72a9323d72c 100644
---- a/binutils/rename.c
-+++ b/binutils/rename.c
-@@ -24,14 +24,9 @@
- 
- #ifdef HAVE_GOOD_UTIME_H
- #include <utime.h>
--#else /* ! HAVE_GOOD_UTIME_H */
--#ifdef HAVE_UTIMES
-+#elif defined HAVE_UTIMES
- #include <sys/time.h>
--#endif /* HAVE_UTIMES */
--#endif /* ! HAVE_GOOD_UTIME_H */
--
--#if ! defined (_WIN32) || defined (__CYGWIN32__)
--static int simple_copy (const char *, const char *);
-+#endif
- 
- /* The number of bytes to copy at once.  */
- #define COPY_BUF 8192
-@@ -82,7 +77,6 @@ simple_copy (const char *from, const char *to)
-     }
-   return 0;
- }
--#endif /* __CYGWIN32__ or not _WIN32 */
- 
- /* Set the times of the file DESTINATION to be the same as those in
-    STATBUF.  */
-@@ -91,87 +85,52 @@ void
- set_times (const char *destination, const struct stat *statbuf)
- {
-   int result;
--
--  {
- #ifdef HAVE_GOOD_UTIME_H
--    struct utimbuf tb;
--
--    tb.actime = statbuf->st_atime;
--    tb.modtime = statbuf->st_mtime;
--    result = utime (destination, &tb);
--#else /* ! HAVE_GOOD_UTIME_H */
--#ifndef HAVE_UTIMES
--    long tb[2];
--
--    tb[0] = statbuf->st_atime;
--    tb[1] = statbuf->st_mtime;
--    result = utime (destination, tb);
--#else /* HAVE_UTIMES */
--    struct timeval tv[2];
--
--    tv[0].tv_sec = statbuf->st_atime;
--    tv[0].tv_usec = 0;
--    tv[1].tv_sec = statbuf->st_mtime;
--    tv[1].tv_usec = 0;
--    result = utimes (destination, tv);
--#endif /* HAVE_UTIMES */
--#endif /* ! HAVE_GOOD_UTIME_H */
--  }
-+  struct utimbuf tb;
-+
-+  tb.actime = statbuf->st_atime;
-+  tb.modtime = statbuf->st_mtime;
-+  result = utime (destination, &tb);
-+#elif defined HAVE_UTIMES
-+  struct timeval tv[2];
-+
-+  tv[0].tv_sec = statbuf->st_atime;
-+  tv[0].tv_usec = 0;
-+  tv[1].tv_sec = statbuf->st_mtime;
-+  tv[1].tv_usec = 0;
-+  result = utimes (destination, tv);
-+#else
-+  long tb[2];
-+
-+  tb[0] = statbuf->st_atime;
-+  tb[1] = statbuf->st_mtime;
-+  result = utime (destination, tb);
-+#endif
- 
-   if (result != 0)
-     non_fatal (_("%s: cannot set time: %s"), destination, strerror (errno));
- }
- 
--/* Rename FROM to TO, copying if TO exists.  TARGET_STAT has the file status
--   that, if non-NULL, is used to fix up timestamps after rename.  Return 0 if
--   ok, -1 if error.  */
-+/* Copy FROM to TO.  TARGET_STAT has the file status that, if non-NULL,
-+   is used to fix up timestamps.  Return 0 if ok, -1 if error.
-+   At one time this function renamed files, but file permissions are
-+   tricky to update given the number of different schemes used by
-+   various systems.  So now we just copy.  */
- 
- int
- smart_rename (const char *from, const char *to,
--	      struct stat *target_stat ATTRIBUTE_UNUSED)
-+	      struct stat *target_stat)
- {
--  int ret = 0;
--  struct stat to_stat;
--  bfd_boolean exists;
--
--  exists = lstat (to, &to_stat) == 0;
--
--#if defined (_WIN32) && !defined (__CYGWIN32__)
--  /* Win32, unlike unix, will not erase `to' in `rename(from, to)' but
--     fail instead.  Also, chown is not present.  */
--
--  if (exists)
--    remove (to);
-+  int ret;
- 
--  ret = rename (from, to);
-+  ret = simple_copy (from, to);
-   if (ret != 0)
--    {
--      /* We have to clean up here.  */
--      non_fatal (_("unable to rename '%s'; reason: %s"), to, strerror (errno));
--      unlink (from);
--    }
--#else
--  /* Avoid a full copy and use rename if TO does not exist.  */
--  if (!exists)
--    {
--      if ((ret = rename (from, to)) != 0)
--	{
--	  /* We have to clean up here.  */
--	  non_fatal (_("unable to rename '%s'; reason: %s"), to, strerror (errno));
--	  unlink (from);
--	}
--    }
--  else
--    {
--      ret = simple_copy (from, to);
--      if (ret != 0)
--	non_fatal (_("unable to copy file '%s'; reason: %s"), to, strerror (errno));
-+    non_fatal (_("unable to copy file '%s'; reason: %s"),
-+	       to, strerror (errno));
- 
--      if (target_stat != NULL)
--	set_times (to, target_stat);
--      unlink (from);
--    }
--#endif /* _WIN32 && !__CYGWIN32__ */
-+  if (target_stat != NULL)
-+    set_times (to, target_stat);
-+  unlink (from);
- 
-   return ret;
- }
--- 
-2.31.1
-
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 07/17] gcc: upgrade to gcc-10.3 version
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (5 preceding siblings ...)
  2022-01-27  5:09 ` [hardknott][PATCH 06/17] binutils: upgrade binutils-2.36 to latest version Anuj Mittal
@ 2022-01-27  5:10 ` Anuj Mittal
  2022-01-27  5:10 ` [hardknott][PATCH 08/17] glibc: upgrade glibc-2.33 to latest version Anuj Mittal
                   ` (9 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:10 UTC (permalink / raw)
  To: openembedded-core

From: Pgowda <pgowda.cve@gmail.com>

gcc-10.2 in Hardknott branch has been upgraded to gcc-10.3 version
that includes many bug fixes.
Regression tested on X86-64, Arm and Aarch64 without issues.

Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/conf/distro/include/maintainers.inc      |   2 +-
 .../gcc/{gcc-10.2.inc => gcc-10.3.inc}        |  12 +-
 ...ian_10.2.bb => gcc-cross-canadian_10.3.bb} |   0
 .../{gcc-cross_10.2.bb => gcc-cross_10.3.bb}  |   0
 ...-crosssdk_10.2.bb => gcc-crosssdk_10.3.bb} |   0
 ...cc-runtime_10.2.bb => gcc-runtime_10.3.bb} |   0
 ...itizers_10.2.bb => gcc-sanitizers_10.3.bb} |   0
 ...{gcc-source_10.2.bb => gcc-source_10.3.bb} |   0
 .../gcc/gcc/0001-CVE-2021-35465.patch         |  22 +-
 ...-up-__aarch64_cas16_acq_rel-fallback.patch |  66 --
 ...ight-Line-Speculation-SLS-mitigation.patch | 202 ------
 ...e-SLS-mitigation-for-RET-and-BR-inst.patch | 607 ----------------
 ...h64-Mitigate-SLS-for-BLR-instruction.patch | 658 ------------------
 ...gcc-Fix-argument-list-too-long-error.patch |   5 +-
 ...Re-introduce-spe-commandline-options.patch |   2 +-
 ...ngw32-Enable-operation_not_supported.patch |   4 +-
 .../gcc/0038-arm-neoverse-n2-support.patch    |  88 ---
 .../gcc/0039-arm64-neoverse-n2-support.patch  |  60 --
 .../gcc/{gcc_10.2.bb => gcc_10.3.bb}          |   0
 ...initial_10.2.bb => libgcc-initial_10.3.bb} |   0
 .../gcc/{libgcc_10.2.bb => libgcc_10.3.bb}    |   0
 ...ibgfortran_10.2.bb => libgfortran_10.3.bb} |   0
 22 files changed, 20 insertions(+), 1708 deletions(-)
 rename meta/recipes-devtools/gcc/{gcc-10.2.inc => gcc-10.3.inc} (90%)
 rename meta/recipes-devtools/gcc/{gcc-cross-canadian_10.2.bb => gcc-cross-canadian_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-cross_10.2.bb => gcc-cross_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-crosssdk_10.2.bb => gcc-crosssdk_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-runtime_10.2.bb => gcc-runtime_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-sanitizers_10.2.bb => gcc-sanitizers_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-source_10.2.bb => gcc-source_10.3.bb} (100%)
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0001-aarch64-Fix-up-__aarch64_cas16_acq_rel-fallback.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0038-arm-neoverse-n2-support.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0039-arm64-neoverse-n2-support.patch
 rename meta/recipes-devtools/gcc/{gcc_10.2.bb => gcc_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgcc-initial_10.2.bb => libgcc-initial_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgcc_10.2.bb => libgcc_10.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgfortran_10.2.bb => libgfortran_10.3.bb} (100%)

diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index 5d453a6fcd..5064ee6b79 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -191,7 +191,7 @@ RECIPE_MAINTAINER_pn-gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj <r
 RECIPE_MAINTAINER_pn-gcc-crosssdk-${SDK_SYS} = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER_pn-gcc-runtime = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER_pn-gcc-sanitizers = "Khem Raj <raj.khem@gmail.com>"
-RECIPE_MAINTAINER_pn-gcc-source-10.2.0 = "Khem Raj <raj.khem@gmail.com>"
+RECIPE_MAINTAINER_pn-gcc-source-10.3.0 = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER_pn-gconf = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER_pn-gcr = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER_pn-gdb = "Khem Raj <raj.khem@gmail.com>"
diff --git a/meta/recipes-devtools/gcc/gcc-10.2.inc b/meta/recipes-devtools/gcc/gcc-10.3.inc
similarity index 90%
rename from meta/recipes-devtools/gcc/gcc-10.2.inc
rename to meta/recipes-devtools/gcc/gcc-10.3.inc
index e7e3395c55..1fdfcced8e 100644
--- a/meta/recipes-devtools/gcc/gcc-10.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-10.3.inc
@@ -2,11 +2,11 @@ require gcc-common.inc
 
 # Third digit in PV should be incremented after a minor release
 
-PV = "10.2.0"
+PV = "10.3.0"
 
 # BINV should be incremented to a revision after a minor gcc release
 
-BINV = "10.2.0"
+BINV = "10.3.0"
 
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc:${FILE_DIRNAME}/gcc/backport:"
 
@@ -65,24 +65,18 @@ SRC_URI = "\
            file://0035-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch \
            file://0036-mingw32-Enable-operation_not_supported.patch \
            file://0037-libatomic-Do-not-enforce-march-on-aarch64.patch \
-           file://0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch \
-           file://0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch \
-           file://0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch \
-           file://0001-aarch64-Fix-up-__aarch64_cas16_acq_rel-fallback.patch \
            file://0001-libatomic-libgomp-libitc-Fix-bootstrap-PR70454.patch \
            file://0001-CVE-2021-35465.patch \
            file://0002-CVE-2021-35465.patch \
            file://0003-CVE-2021-35465.patch \
            file://0004-CVE-2021-35465.patch \
-           file://0038-arm-neoverse-n2-support.patch \
-           file://0039-arm64-neoverse-n2-support.patch \
            file://0001-CVE-2021-42574.patch \
            file://0002-CVE-2021-42574.patch \
            file://0003-CVE-2021-42574.patch \
            file://0004-CVE-2021-42574.patch \
            file://0005-CVE-2021-42574.patch \
 "
-SRC_URI[sha256sum] = "b8dd4368bb9c7f0b98188317ee0254dd8cc99d1e3a18d0ff146c855fe16c1d8c"
+SRC_URI[sha256sum] = "64f404c1a650f27fc33da242e1f2df54952e3963a49e06e73f6940f3223ac344"
 
 S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
 # For dev release snapshotting
diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian_10.2.bb b/meta/recipes-devtools/gcc/gcc-cross-canadian_10.3.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-cross-canadian_10.2.bb
rename to meta/recipes-devtools/gcc/gcc-cross-canadian_10.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc-cross_10.2.bb b/meta/recipes-devtools/gcc/gcc-cross_10.3.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-cross_10.2.bb
rename to meta/recipes-devtools/gcc/gcc-cross_10.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk_10.2.bb b/meta/recipes-devtools/gcc/gcc-crosssdk_10.3.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-crosssdk_10.2.bb
rename to meta/recipes-devtools/gcc/gcc-crosssdk_10.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc-runtime_10.2.bb b/meta/recipes-devtools/gcc/gcc-runtime_10.3.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-runtime_10.2.bb
rename to meta/recipes-devtools/gcc/gcc-runtime_10.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc-sanitizers_10.2.bb b/meta/recipes-devtools/gcc/gcc-sanitizers_10.3.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-sanitizers_10.2.bb
rename to meta/recipes-devtools/gcc/gcc-sanitizers_10.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc-source_10.2.bb b/meta/recipes-devtools/gcc/gcc-source_10.3.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-source_10.2.bb
rename to meta/recipes-devtools/gcc/gcc-source_10.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch
index b9bca49dd8..4d7c7e3f18 100644
--- a/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch
+++ b/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch
@@ -33,7 +33,7 @@ Signed-off-by: Pgowda <pgowda.cve@gmail.com>
 diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c
 --- a/gcc/config/arm/arm.c	2020-07-22 23:35:17.344384552 -0700
 +++ b/gcc/config/arm/arm.c	2021-11-11 20:16:19.761241867 -0800
-@@ -3595,6 +3595,15 @@ arm_option_override (void)
+@@ -3610,6 +3610,15 @@ arm_option_override (void)
  	fix_cm3_ldrd = 0;
      }
  
@@ -52,7 +52,7 @@ diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c
 diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in
 --- a/gcc/config/arm/arm-cpus.in	2020-07-22 23:35:17.340384509 -0700
 +++ b/gcc/config/arm/arm-cpus.in	2021-11-11 20:17:01.364573561 -0800
-@@ -190,6 +190,9 @@ define feature quirk_armv6kz
+@@ -186,6 +186,9 @@ define feature quirk_armv6kz
  # Cortex-M3 LDRD quirk.
  define feature quirk_cm3_ldrd
  
@@ -62,7 +62,7 @@ diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in
  # Don't use .cpu assembly directive
  define feature quirk_no_asmcpu
  
-@@ -314,7 +317,7 @@ define fgroup DOTPROD	NEON dotprod
+@@ -322,7 +325,7 @@ define implied vfp_base MVE MVE_FP ALL_F
  # architectures.
  # xscale isn't really a 'quirk', but it isn't an architecture either and we
  # need to ignore it for matching purposes.
@@ -71,7 +71,7 @@ diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in
  
  # Architecture entries
  # format:
-@@ -1492,6 +1495,7 @@ begin cpu cortex-m33
+@@ -1524,6 +1527,7 @@ begin cpu cortex-m33
   architecture armv8-m.main+dsp+fp
   option nofp remove ALL_FP
   option nodsp remove armv7em
@@ -79,7 +79,7 @@ diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in
   costs v7m
  end cpu cortex-m33
  
-@@ -1501,6 +1505,7 @@ begin cpu cortex-m35p
+@@ -1533,6 +1537,7 @@ begin cpu cortex-m35p
   architecture armv8-m.main+dsp+fp
   option nofp remove ALL_FP
   option nodsp remove armv7em
@@ -87,10 +87,10 @@ diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in
   costs v7m
  end cpu cortex-m35p
  
-@@ -1508,7 +1513,7 @@ begin cpu cortex-m55
-  cname cortexm55
-  tune flags LDSCHED
-  architecture armv8.1-m.main+mve.fp+fp.dp
+@@ -1544,7 +1549,7 @@ begin cpu cortex-m55
+  option nomve remove mve mve_float
+  option nofp remove ALL_FP mve_float
+  option nodsp remove MVE mve_float
 - isa quirk_no_asmcpu
 + isa quirk_no_asmcpu quirk_vlldm
   costs v7m
@@ -113,7 +113,7 @@ diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt
 diff -upr a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
 --- a/gcc/doc/invoke.texi	2021-11-11 19:30:56.264523105 -0800
 +++ b/gcc/doc/invoke.texi	2021-11-11 20:16:19.769241739 -0800
-@@ -773,6 +773,7 @@ Objective-C and Objective-C++ Dialects}.
+@@ -774,6 +774,7 @@ Objective-C and Objective-C++ Dialects}.
  -mverbose-cost-dump @gol
  -mpure-code @gol
  -mcmse @gol
@@ -121,7 +121,7 @@ diff -upr a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
  -mfdpic}
  
  @emph{AVR Options}
-@@ -21233,6 +21234,14 @@ Use multiply and add/subtract instructio
+@@ -21266,6 +21267,14 @@ Use multiply and add/subtract instructio
  
  Do not use multiply and add/subtract instructions.
  
diff --git a/meta/recipes-devtools/gcc/gcc/0001-aarch64-Fix-up-__aarch64_cas16_acq_rel-fallback.patch b/meta/recipes-devtools/gcc/gcc/0001-aarch64-Fix-up-__aarch64_cas16_acq_rel-fallback.patch
deleted file mode 100644
index c060accd99..0000000000
--- a/meta/recipes-devtools/gcc/gcc/0001-aarch64-Fix-up-__aarch64_cas16_acq_rel-fallback.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From fd2ec4542fd2975e6d3f2f1c1a2639945a84f9e1 Mon Sep 17 00:00:00 2001
-From: Jakub Jelinek <jakub@redhat.com>
-Date: Mon, 3 Aug 2020 22:55:28 +0200
-Subject: [PATCH] aarch64: Fix up __aarch64_cas16_acq_rel fallback
-
-As mentioned in the PR, the fallback path when LSE is unavailable writes
-incorrect registers to the memory if the previous content compares equal
-to x0, x1 - it writes copy of x0, x1 from the start of function, but it
-should write x2, x3.
-
-2020-08-03  Jakub Jelinek  <jakub@redhat.com>
-
-	PR target/96402
-	* config/aarch64/lse.S (__aarch64_cas16_acq_rel): Use x2, x3 instead
-	of x(tmp0), x(tmp1) in STXP arguments.
-
-	* gcc.target/aarch64/pr96402.c: New test.
-
-(cherry picked from commit 90b43856fdff7d96d93d22970eca8a86c56e0ddc)
----
- gcc/testsuite/gcc.target/aarch64/pr96402.c | 16 ++++++++++++++++
- libgcc/config/aarch64/lse.S                |  2 +-
- 2 files changed, 17 insertions(+), 1 deletion(-)
- create mode 100644 gcc/testsuite/gcc.target/aarch64/pr96402.c
-
-diff --git a/gcc/testsuite/gcc.target/aarch64/pr96402.c b/gcc/testsuite/gcc.target/aarch64/pr96402.c
-new file mode 100644
-index 00000000000..fa2dddfac15
---- /dev/null
-+++ b/gcc/testsuite/gcc.target/aarch64/pr96402.c
-@@ -0,0 +1,16 @@
-+/* PR target/96402 */
-+/* { dg-do run { target int128 } } */
-+/* { dg-options "-moutline-atomics" } */
-+
-+int
-+main ()
-+{
-+  __int128 a = 0;
-+  __sync_val_compare_and_swap (&a, (__int128) 0, (__int128) 1);
-+  if (a != 1)
-+    __builtin_abort ();
-+  __sync_val_compare_and_swap (&a, (__int128) 1, (((__int128) 0xdeadbeeffeedbac1ULL) << 64) | 0xabadcafe00c0ffeeULL);
-+  if (a != ((((__int128) 0xdeadbeeffeedbac1ULL) << 64) | 0xabadcafe00c0ffeeULL))
-+    __builtin_abort ();
-+  return 0;
-+}
-diff --git a/libgcc/config/aarch64/lse.S b/libgcc/config/aarch64/lse.S
-index 64691c601c1..c8fbfbce4fd 100644
---- a/libgcc/config/aarch64/lse.S
-+++ b/libgcc/config/aarch64/lse.S
-@@ -203,7 +203,7 @@ STARTFN	NAME(cas)
- 	cmp		x0, x(tmp0)
- 	ccmp		x1, x(tmp1), #0, eq
- 	bne		1f
--	STXP		w(tmp2), x(tmp0), x(tmp1), [x4]
-+	STXP		w(tmp2), x2, x3, [x4]
- 	cbnz		w(tmp2), 0b
- 1:	ret
- 
--- 
-2.26.2
-
diff --git a/meta/recipes-devtools/gcc/gcc/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch b/meta/recipes-devtools/gcc/gcc/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch
deleted file mode 100644
index 73de4c7590..0000000000
--- a/meta/recipes-devtools/gcc/gcc/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch
+++ /dev/null
@@ -1,202 +0,0 @@
-CVE: CVE-2020-13844
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From 1ff243934ac443b5f58cd02a5012ce58ecc31fb2 Mon Sep 17 00:00:00 2001
-From: Matthew Malcomson <matthew.malcomson@arm.com>
-Date: Thu, 9 Jul 2020 09:11:58 +0100
-Subject: [PATCH 1/3] aarch64: New Straight Line Speculation (SLS) mitigation
- flags
-
-Here we introduce the flags that will be used for straight line speculation.
-
-The new flag introduced is `-mharden-sls=`.
-This flag can take arguments of `none`, `all`, or a comma seperated list of one
-or more of `retbr` or `blr`.
-`none` indicates no special mitigation of the straight line speculation
-vulnerability.
-`all` requests all mitigations currently implemented.
-`retbr` requests that the RET and BR instructions have a speculation barrier
-inserted after them.
-`blr` requests that BLR instructions are replaced by a BL to a function stub
-using a BR with a speculation barrier after it.
-
-Setting this on a per-function basis using attributes or the like is not
-enabled, but may be in the future.
-
-gcc/ChangeLog:
-
-2020-06-02  Matthew Malcomson  <matthew.malcomson@arm.com>
-
-	* config/aarch64/aarch64-protos.h (aarch64_harden_sls_retbr_p):
-	New.
-	(aarch64_harden_sls_blr_p): New.
-	* config/aarch64/aarch64.c (enum aarch64_sls_hardening_type):
-	New.
-	(aarch64_harden_sls_retbr_p): New.
-	(aarch64_harden_sls_blr_p): New.
-	(aarch64_validate_sls_mitigation): New.
-	(aarch64_override_options): Parse options for SLS mitigation.
-	* config/aarch64/aarch64.opt (-mharden-sls): New option.
-	* doc/invoke.texi: Document new option.
----
- gcc/config/aarch64/aarch64-protos.h |  3 ++
- gcc/config/aarch64/aarch64.c        | 76 +++++++++++++++++++++++++++++++++++++
- gcc/config/aarch64/aarch64.opt      |  4 ++
- gcc/doc/invoke.texi                 | 12 ++++++
- 4 files changed, 95 insertions(+)
-
-diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
-index 723d9ba..eb5f4b4 100644
---- a/gcc/config/aarch64/aarch64-protos.h
-+++ b/gcc/config/aarch64/aarch64-protos.h
-@@ -781,4 +781,7 @@ extern const atomic_ool_names aarch64_ool_ldeor_names;
- 
- tree aarch64_resolve_overloaded_builtin_general (location_t, tree, void *);
- 
-+extern bool aarch64_harden_sls_retbr_p (void);
-+extern bool aarch64_harden_sls_blr_p (void);
-+
- #endif /* GCC_AARCH64_PROTOS_H */
-diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
-index b86434a..437a9cf 100644
---- a/gcc/config/aarch64/aarch64.c
-+++ b/gcc/config/aarch64/aarch64.c
-@@ -14494,6 +14494,79 @@ aarch64_validate_mcpu (const char *str, const struct processor **res,
-   return false;
- }
- 
-+/* Straight line speculation indicators.  */
-+enum aarch64_sls_hardening_type
-+{
-+  SLS_NONE = 0,
-+  SLS_RETBR = 1,
-+  SLS_BLR = 2,
-+  SLS_ALL = 3,
-+};
-+static enum aarch64_sls_hardening_type aarch64_sls_hardening;
-+
-+/* Return whether we should mitigatate Straight Line Speculation for the RET
-+   and BR instructions.  */
-+bool
-+aarch64_harden_sls_retbr_p (void)
-+{
-+  return aarch64_sls_hardening & SLS_RETBR;
-+}
-+
-+/* Return whether we should mitigatate Straight Line Speculation for the BLR
-+   instruction.  */
-+bool
-+aarch64_harden_sls_blr_p (void)
-+{
-+  return aarch64_sls_hardening & SLS_BLR;
-+}
-+
-+/* As of yet we only allow setting these options globally, in the future we may
-+   allow setting them per function.  */
-+static void
-+aarch64_validate_sls_mitigation (const char *const_str)
-+{
-+  char *token_save = NULL;
-+  char *str = NULL;
-+
-+  if (strcmp (const_str, "none") == 0)
-+    {
-+      aarch64_sls_hardening = SLS_NONE;
-+      return;
-+    }
-+  if (strcmp (const_str, "all") == 0)
-+    {
-+      aarch64_sls_hardening = SLS_ALL;
-+      return;
-+    }
-+
-+  char *str_root = xstrdup (const_str);
-+  str = strtok_r (str_root, ",", &token_save);
-+  if (!str)
-+    error ("invalid argument given to %<-mharden-sls=%>");
-+
-+  int temp = SLS_NONE;
-+  while (str)
-+    {
-+      if (strcmp (str, "blr") == 0)
-+	temp |= SLS_BLR;
-+      else if (strcmp (str, "retbr") == 0)
-+	temp |= SLS_RETBR;
-+      else if (strcmp (str, "none") == 0 || strcmp (str, "all") == 0)
-+	{
-+	  error ("%<%s%> must be by itself for %<-mharden-sls=%>", str);
-+	  break;
-+	}
-+      else
-+	{
-+	  error ("invalid argument %<%s%> for %<-mharden-sls=%>", str);
-+	  break;
-+	}
-+      str = strtok_r (NULL, ",", &token_save);
-+    }
-+  aarch64_sls_hardening = (aarch64_sls_hardening_type) temp;
-+  free (str_root);
-+}
-+
- /* Parses CONST_STR for branch protection features specified in
-    aarch64_branch_protect_types, and set any global variables required.  Returns
-    the parsing result and assigns LAST_STR to the last processed token from
-@@ -14738,6 +14811,9 @@ aarch64_override_options (void)
-   selected_arch = NULL;
-   selected_tune = NULL;
- 
-+  if (aarch64_harden_sls_string)
-+    aarch64_validate_sls_mitigation (aarch64_harden_sls_string);
-+
-   if (aarch64_branch_protection_string)
-     aarch64_validate_mbranch_protection (aarch64_branch_protection_string);
- 
-diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt
-index d99d14c..5170361 100644
---- a/gcc/config/aarch64/aarch64.opt
-+++ b/gcc/config/aarch64/aarch64.opt
-@@ -71,6 +71,10 @@ mgeneral-regs-only
- Target Report RejectNegative Mask(GENERAL_REGS_ONLY) Save
- Generate code which uses only the general registers.
- 
-+mharden-sls=
-+Target RejectNegative Joined Var(aarch64_harden_sls_string)
-+Generate code to mitigate against straight line speculation.
-+
- mfix-cortex-a53-835769
- Target Report Var(aarch64_fix_a53_err835769) Init(2) Save
- Workaround for ARM Cortex-A53 Erratum number 835769.
-diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
-index a2794a6..bd5b77a 100644
---- a/gcc/doc/invoke.texi
-+++ b/gcc/doc/invoke.texi
-@@ -696,6 +696,7 @@ Objective-C and Objective-C++ Dialects}.
- -msign-return-address=@var{scope} @gol
- -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}
- +@var{b-key}]|@var{bti} @gol
-+-mharden-sls=@var{opts} @gol
- -march=@var{name}  -mcpu=@var{name}  -mtune=@var{name}  @gol
- -moverride=@var{string}  -mverbose-cost-dump @gol
- -mstack-protector-guard=@var{guard} -mstack-protector-guard-reg=@var{sysreg} @gol
-@@ -17065,6 +17066,17 @@ functions.  The optional argument @samp{b-key} can be used to sign the functions
- with the B-key instead of the A-key.
- @samp{bti} turns on branch target identification mechanism.
- 
-+@item -mharden-sls=@var{opts}
-+@opindex mharden-sls
-+Enable compiler hardening against straight line speculation (SLS).
-+@var{opts} is a comma-separated list of the following options:
-+@table @samp
-+@item retbr
-+@item blr
-+@end table
-+In addition, @samp{-mharden-sls=all} enables all SLS hardening while
-+@samp{-mharden-sls=none} disables all SLS hardening.
-+
- @item -msve-vector-bits=@var{bits}
- @opindex msve-vector-bits
- Specify the number of bits in an SVE vector register.  This option only has
--- 
-2.7.4
-
diff --git a/meta/recipes-devtools/gcc/gcc/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch b/meta/recipes-devtools/gcc/gcc/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch
deleted file mode 100644
index 823cc8b668..0000000000
--- a/meta/recipes-devtools/gcc/gcc/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch
+++ /dev/null
@@ -1,607 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From b1204d16e1ec96a4aa89e44de8990e2499ffdb22 Mon Sep 17 00:00:00 2001
-From: Matthew Malcomson <matthew.malcomson@arm.com>
-Date: Thu, 9 Jul 2020 09:11:59 +0100
-Subject: [PATCH 2/3] aarch64: Introduce SLS mitigation for RET and BR
- instructions
-
-Instructions following RET or BR are not necessarily executed.  In order
-to avoid speculation past RET and BR we can simply append a speculation
-barrier.
-
-Since these speculation barriers will not be architecturally executed,
-they are not expected to add a high performance penalty.
-
-The speculation barrier is to be SB when targeting architectures which
-have this enabled, and DSB SY + ISB otherwise.
-
-We add tests for each of the cases where such an instruction was seen.
-
-This is implemented by modifying each machine description pattern that
-emits either a RET or a BR instruction.  We choose not to use something
-like `TARGET_ASM_FUNCTION_EPILOGUE` since it does not affect the
-`indirect_jump`, `jump`, `sibcall_insn` and `sibcall_value_insn`
-patterns and we find it preferable to implement the functionality in the
-same way for every pattern.
-
-There is one particular case which is slightly tricky.  The
-implementation of TARGET_ASM_TRAMPOLINE_TEMPLATE uses a BR which needs
-to be mitigated against.  The trampoline template is used *once* per
-compilation unit, and the TRAMPOLINE_SIZE is exposed to the user via the
-builtin macro __LIBGCC_TRAMPOLINE_SIZE__.
-In the future we may implement function specific attributes to turn on
-and off hardening on a per-function basis.
-The fixed nature of the trampoline described above implies it will be
-safer to ensure this speculation barrier is always used.
-
-Testing:
-  Bootstrap and regtest done on aarch64-none-linux
-  Used a temporary hack(1) to use these options on every test in the
-  testsuite and a script to check that the output never emitted an
-  unmitigated RET or BR.
-
-1) Temporary hack was a change to the testsuite to always use
-`-save-temps` and run a script on the assembly output of those
-compilations which produced one to ensure every RET or BR is immediately
-followed by a speculation barrier.
-
-gcc/ChangeLog:
-
-	* config/aarch64/aarch64-protos.h (aarch64_sls_barrier): New.
-	* config/aarch64/aarch64.c (aarch64_output_casesi): Emit
-	speculation barrier after BR instruction if needs be.
-	(aarch64_trampoline_init): Handle ptr_mode value & adjust size
-	of code copied.
-	(aarch64_sls_barrier): New.
-	(aarch64_asm_trampoline_template): Add needed barriers.
-	* config/aarch64/aarch64.h (AARCH64_ISA_SB): New.
-	(TARGET_SB): New.
-	(TRAMPOLINE_SIZE): Account for barrier.
-	* config/aarch64/aarch64.md (indirect_jump, *casesi_dispatch,
-	simple_return, *do_return, *sibcall_insn, *sibcall_value_insn):
-	Emit barrier if needs be, also account for possible barrier using
-	"sls_length" attribute.
-	(sls_length): New attribute.
-	(length): Determine default using any non-default sls_length
-	value.
-
-gcc/testsuite/ChangeLog:
-
-	* gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c: New test.
-	* gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c:
-	New test.
-	* gcc.target/aarch64/sls-mitigation/sls-mitigation.exp: New file.
-	* lib/target-supports.exp (check_effective_target_aarch64_asm_sb_ok):
-	New proc.
----
- gcc/config/aarch64/aarch64-protos.h                |   1 +
- gcc/config/aarch64/aarch64.c                       |  41 ++++++-
- gcc/config/aarch64/aarch64.h                       |  10 +-
- gcc/config/aarch64/aarch64.md                      |  76 +++++++++----
- .../aarch64/sls-mitigation/sls-miti-retbr-pacret.c |  21 ++++
- .../aarch64/sls-mitigation/sls-miti-retbr.c        | 119 +++++++++++++++++++++
- .../aarch64/sls-mitigation/sls-mitigation.exp      |  73 +++++++++++++
- gcc/testsuite/lib/target-supports.exp              |   2 +-
- 8 files changed, 318 insertions(+), 25 deletions(-)
- create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c
- create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c
- create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp
-
-diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
-index eb5f4b4..ee0ffde 100644
---- a/gcc/config/aarch64/aarch64-protos.h
-+++ b/gcc/config/aarch64/aarch64-protos.h
-@@ -781,6 +781,7 @@ extern const atomic_ool_names aarch64_ool_ldeor_names;
- 
- tree aarch64_resolve_overloaded_builtin_general (location_t, tree, void *);
- 
-+const char *aarch64_sls_barrier (int);
- extern bool aarch64_harden_sls_retbr_p (void);
- extern bool aarch64_harden_sls_blr_p (void);
- 
-diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
-index 437a9cf..44e3d1f 100644
---- a/gcc/config/aarch64/aarch64.c
-+++ b/gcc/config/aarch64/aarch64.c
-@@ -10852,8 +10852,8 @@ aarch64_return_addr (int count, rtx frame ATTRIBUTE_UNUSED)
- static void
- aarch64_asm_trampoline_template (FILE *f)
- {
--  int offset1 = 16;
--  int offset2 = 20;
-+  int offset1 = 24;
-+  int offset2 = 28;
- 
-   if (aarch64_bti_enabled ())
-     {
-@@ -10876,6 +10876,17 @@ aarch64_asm_trampoline_template (FILE *f)
-     }
-   asm_fprintf (f, "\tbr\t%s\n", reg_names [IP1_REGNUM]);
- 
-+  /* We always emit a speculation barrier.
-+     This is because the same trampoline template is used for every nested
-+     function.  Since nested functions are not particularly common or
-+     performant we don't worry too much about the extra instructions to copy
-+     around.
-+     This is not yet a problem, since we have not yet implemented function
-+     specific attributes to choose between hardening against straight line
-+     speculation or not, but such function specific attributes are likely to
-+     happen in the future.  */
-+  asm_fprintf (f, "\tdsb\tsy\n\tisb\n");
-+
-   /* The trampoline needs an extra padding instruction.  In case if BTI is
-      enabled the padding instruction is replaced by the BTI instruction at
-      the beginning.  */
-@@ -10890,10 +10901,14 @@ static void
- aarch64_trampoline_init (rtx m_tramp, tree fndecl, rtx chain_value)
- {
-   rtx fnaddr, mem, a_tramp;
--  const int tramp_code_sz = 16;
-+  const int tramp_code_sz = 24;
- 
-   /* Don't need to copy the trailing D-words, we fill those in below.  */
--  emit_block_move (m_tramp, assemble_trampoline_template (),
-+  /* We create our own memory address in Pmode so that `emit_block_move` can
-+     use parts of the backend which expect Pmode addresses.  */
-+  rtx temp = convert_memory_address (Pmode, XEXP (m_tramp, 0));
-+  emit_block_move (gen_rtx_MEM (BLKmode, temp),
-+		   assemble_trampoline_template (),
- 		   GEN_INT (tramp_code_sz), BLOCK_OP_NORMAL);
-   mem = adjust_address (m_tramp, ptr_mode, tramp_code_sz);
-   fnaddr = XEXP (DECL_RTL (fndecl), 0);
-@@ -11084,6 +11099,8 @@ aarch64_output_casesi (rtx *operands)
-   output_asm_insn (buf, operands);
-   output_asm_insn (patterns[index][1], operands);
-   output_asm_insn ("br\t%3", operands);
-+  output_asm_insn (aarch64_sls_barrier (aarch64_harden_sls_retbr_p ()),
-+		   operands);
-   assemble_label (asm_out_file, label);
-   return "";
- }
-@@ -22924,6 +22941,22 @@ aarch64_file_end_indicate_exec_stack ()
- #undef GNU_PROPERTY_AARCH64_FEATURE_1_BTI
- #undef GNU_PROPERTY_AARCH64_FEATURE_1_AND
- 
-+/* Helper function for straight line speculation.
-+   Return what barrier should be emitted for straight line speculation
-+   mitigation.
-+   When not mitigating against straight line speculation this function returns
-+   an empty string.
-+   When mitigating against straight line speculation, use:
-+   * SB when the v8.5-A SB extension is enabled.
-+   * DSB+ISB otherwise.  */
-+const char *
-+aarch64_sls_barrier (int mitigation_required)
-+{
-+  return mitigation_required
-+    ? (TARGET_SB ? "sb" : "dsb\tsy\n\tisb")
-+    : "";
-+}
-+
- /* Target-specific selftests.  */
- 
- #if CHECKING_P
-diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
-index 1ce23c6..c21015f 100644
---- a/gcc/config/aarch64/aarch64.h
-+++ b/gcc/config/aarch64/aarch64.h
-@@ -281,6 +281,7 @@ extern unsigned aarch64_architecture_version;
- #define AARCH64_ISA_F32MM	   (aarch64_isa_flags & AARCH64_FL_F32MM)
- #define AARCH64_ISA_F64MM	   (aarch64_isa_flags & AARCH64_FL_F64MM)
- #define AARCH64_ISA_BF16	   (aarch64_isa_flags & AARCH64_FL_BF16)
-+#define AARCH64_ISA_SB  	   (aarch64_isa_flags & AARCH64_FL_SB)
- 
- /* Crypto is an optional extension to AdvSIMD.  */
- #define TARGET_CRYPTO (TARGET_SIMD && AARCH64_ISA_CRYPTO)
-@@ -378,6 +379,9 @@ extern unsigned aarch64_architecture_version;
- #define TARGET_FIX_ERR_A53_835769_DEFAULT 1
- #endif
- 
-+/* SB instruction is enabled through +sb.  */
-+#define TARGET_SB (AARCH64_ISA_SB)
-+
- /* Apply the workaround for Cortex-A53 erratum 835769.  */
- #define TARGET_FIX_ERR_A53_835769	\
-   ((aarch64_fix_a53_err835769 == 2)	\
-@@ -1058,8 +1062,10 @@ typedef struct
- 
- #define RETURN_ADDR_RTX aarch64_return_addr
- 
--/* BTI c + 3 insns + 2 pointer-sized entries.  */
--#define TRAMPOLINE_SIZE	(TARGET_ILP32 ? 24 : 32)
-+/* BTI c + 3 insns
-+   + sls barrier of DSB + ISB.
-+   + 2 pointer-sized entries.  */
-+#define TRAMPOLINE_SIZE	(24 + (TARGET_ILP32 ? 8 : 16))
- 
- /* Trampolines contain dwords, so must be dword aligned.  */
- #define TRAMPOLINE_ALIGNMENT 64
-diff --git a/gcc/config/aarch64/aarch64.md b/gcc/config/aarch64/aarch64.md
-index 8c8be3c..dda04ee 100644
---- a/gcc/config/aarch64/aarch64.md
-+++ b/gcc/config/aarch64/aarch64.md
-@@ -407,10 +407,25 @@
- ;; Attribute that specifies whether the alternative uses MOVPRFX.
- (define_attr "movprfx" "no,yes" (const_string "no"))
- 
-+;; Attribute to specify that an alternative has the length of a single
-+;; instruction plus a speculation barrier.
-+(define_attr "sls_length" "none,retbr,casesi" (const_string "none"))
-+
- (define_attr "length" ""
-   (cond [(eq_attr "movprfx" "yes")
-            (const_int 8)
--        ] (const_int 4)))
-+
-+	 (eq_attr "sls_length" "retbr")
-+	   (cond [(match_test "!aarch64_harden_sls_retbr_p ()") (const_int 4)
-+		  (match_test "TARGET_SB") (const_int 8)]
-+		 (const_int 12))
-+
-+	 (eq_attr "sls_length" "casesi")
-+	   (cond [(match_test "!aarch64_harden_sls_retbr_p ()") (const_int 16)
-+		  (match_test "TARGET_SB") (const_int 20)]
-+		 (const_int 24))
-+	]
-+	  (const_int 4)))
- 
- ;; Strictly for compatibility with AArch32 in pipeline models, since AArch64 has
- ;; no predicated insns.
-@@ -447,8 +462,12 @@
- (define_insn "indirect_jump"
-   [(set (pc) (match_operand:DI 0 "register_operand" "r"))]
-   ""
--  "br\\t%0"
--  [(set_attr "type" "branch")]
-+  {
-+    output_asm_insn ("br\\t%0", operands);
-+    return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
-+  }
-+  [(set_attr "type" "branch")
-+   (set_attr "sls_length" "retbr")]
- )
- 
- (define_insn "jump"
-@@ -765,7 +784,7 @@
-   "*
-   return aarch64_output_casesi (operands);
-   "
--  [(set_attr "length" "16")
-+  [(set_attr "sls_length" "casesi")
-    (set_attr "type" "branch")]
- )
- 
-@@ -844,18 +863,23 @@
-   [(return)]
-   ""
-   {
-+    const char *ret = NULL;
-     if (aarch64_return_address_signing_enabled ()
- 	&& TARGET_ARMV8_3
- 	&& !crtl->calls_eh_return)
-       {
- 	if (aarch64_ra_sign_key == AARCH64_KEY_B)
--	  return "retab";
-+	  ret = "retab";
- 	else
--	  return "retaa";
-+	  ret = "retaa";
-       }
--    return "ret";
-+    else
-+      ret = "ret";
-+    output_asm_insn (ret, operands);
-+    return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
-   }
--  [(set_attr "type" "branch")]
-+  [(set_attr "type" "branch")
-+   (set_attr "sls_length" "retbr")]
- )
- 
- (define_expand "return"
-@@ -867,8 +891,12 @@
- (define_insn "simple_return"
-   [(simple_return)]
-   ""
--  "ret"
--  [(set_attr "type" "branch")]
-+  {
-+    output_asm_insn ("ret", operands);
-+    return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
-+  }
-+  [(set_attr "type" "branch")
-+   (set_attr "sls_length" "retbr")]
- )
- 
- (define_insn "*cb<optab><mode>1"
-@@ -1066,10 +1094,16 @@
-    (unspec:DI [(match_operand:DI 2 "const_int_operand")] UNSPEC_CALLEE_ABI)
-    (return)]
-   "SIBLING_CALL_P (insn)"
--  "@
--   br\\t%0
--   b\\t%c0"
--  [(set_attr "type" "branch, branch")]
-+  {
-+    if (which_alternative == 0)
-+      {
-+	output_asm_insn ("br\\t%0", operands);
-+	return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
-+      }
-+    return "b\\t%c0";
-+  }
-+  [(set_attr "type" "branch, branch")
-+   (set_attr "sls_length" "retbr,none")]
- )
- 
- (define_insn "*sibcall_value_insn"
-@@ -1080,10 +1114,16 @@
-    (unspec:DI [(match_operand:DI 3 "const_int_operand")] UNSPEC_CALLEE_ABI)
-    (return)]
-   "SIBLING_CALL_P (insn)"
--  "@
--   br\\t%1
--   b\\t%c1"
--  [(set_attr "type" "branch, branch")]
-+  {
-+    if (which_alternative == 0)
-+      {
-+	output_asm_insn ("br\\t%1", operands);
-+	return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
-+      }
-+    return "b\\t%c1";
-+  }
-+  [(set_attr "type" "branch, branch")
-+   (set_attr "sls_length" "retbr,none")]
- )
- 
- ;; Call subroutine returning any type.
-diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c
-new file mode 100644
-index 0000000..fa1887a
---- /dev/null
-+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c
-@@ -0,0 +1,21 @@
-+/* Avoid ILP32 since pacret is only available for LP64 */
-+/* { dg-do compile { target { ! ilp32 } } } */
-+/* { dg-additional-options "-mharden-sls=retbr -mbranch-protection=pac-ret -march=armv8.3-a" } */
-+
-+/* Testing the do_return pattern for retaa and retab.  */
-+long retbr_subcall(void);
-+long retbr_do_return_retaa(void)
-+{
-+    return retbr_subcall()+1;
-+}
-+
-+__attribute__((target("branch-protection=pac-ret+b-key")))
-+long retbr_do_return_retab(void)
-+{
-+    return retbr_subcall()+1;
-+}
-+
-+/* Ensure there are no BR or RET instructions which are not directly followed
-+   by a speculation barrier.  */
-+/* { dg-final { scan-assembler-not {\t(br|ret|retaa|retab)\tx[0-9][0-9]?\n\t(?!dsb\tsy\n\tisb)} } } */
-+/* { dg-final { scan-assembler-not {ret\t} } } */
-diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c
-new file mode 100644
-index 0000000..76b8d03
---- /dev/null
-+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c
-@@ -0,0 +1,119 @@
-+/* We ensure that -Wpedantic is off since it complains about the trampolines
-+   we explicitly want to test.  */
-+/* { dg-additional-options "-mharden-sls=retbr -Wno-pedantic " } */
-+/*
-+   Ensure that the SLS hardening of RET and BR leaves no unprotected RET/BR
-+   instructions.
-+  */
-+typedef int (foo) (int, int);
-+typedef void (bar) (int, int);
-+struct sls_testclass {
-+    foo *x;
-+    bar *y;
-+    int left;
-+    int right;
-+};
-+
-+int
-+retbr_sibcall_value_insn (struct sls_testclass x)
-+{
-+  return x.x(x.left, x.right);
-+}
-+
-+void
-+retbr_sibcall_insn (struct sls_testclass x)
-+{
-+  x.y(x.left, x.right);
-+}
-+
-+/* Aim to test two different returns.
-+   One that introduces a tail call in the middle of the function, and one that
-+   has a normal return.  */
-+int
-+retbr_multiple_returns (struct sls_testclass x)
-+{
-+  int temp;
-+  if (x.left % 10)
-+    return x.x(x.left, 100);
-+  else if (x.right % 20)
-+    {
-+      return x.x(x.left * x.right, 100);
-+    }
-+  temp = x.left % x.right;
-+  temp *= 100;
-+  temp /= 2;
-+  return temp % 3;
-+}
-+
-+void
-+retbr_multiple_returns_void (struct sls_testclass x)
-+{
-+  if (x.left % 10)
-+    {
-+      x.y(x.left, 100);
-+    }
-+  else if (x.right % 20)
-+    {
-+      x.y(x.left * x.right, 100);
-+    }
-+  return;
-+}
-+
-+/* Testing the casesi jump via register.  */
-+__attribute__ ((optimize ("Os")))
-+int
-+retbr_casesi_dispatch (struct sls_testclass x)
-+{
-+  switch (x.left)
-+    {
-+    case -5:
-+      return -2;
-+    case -3:
-+      return -1;
-+    case 0:
-+      return 0;
-+    case 3:
-+      return 1;
-+    case 5:
-+      break;
-+    default:
-+      __builtin_unreachable ();
-+    }
-+  return x.right;
-+}
-+
-+/* Testing the BR in trampolines is mitigated against.  */
-+void f1 (void *);
-+void f3 (void *, void (*)(void *));
-+void f2 (void *);
-+
-+int
-+retbr_trampolines (void *a, int b)
-+{
-+  if (!b)
-+    {
-+      f1 (a);
-+      return 1;
-+    }
-+  if (b)
-+    {
-+      void retbr_tramp_internal (void *c)
-+      {
-+	if (c == a)
-+	  f2 (c);
-+      }
-+      f3 (a, retbr_tramp_internal);
-+    }
-+  return 0;
-+}
-+
-+/* Testing the indirect_jump pattern.  */
-+void
-+retbr_indirect_jump (int *buf)
-+{
-+  __builtin_longjmp(buf, 1);
-+}
-+
-+/* Ensure there are no BR or RET instructions which are not directly followed
-+   by a speculation barrier.  */
-+/* { dg-final { scan-assembler-not {\t(br|ret|retaa|retab)\tx[0-9][0-9]?\n\t(?!dsb\tsy\n\tisb|sb)} } } */
-diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp
-new file mode 100644
-index 0000000..8122503
---- /dev/null
-+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp
-@@ -0,0 +1,73 @@
-+#  Regression driver for SLS mitigation on AArch64.
-+#  Copyright (C) 2020 Free Software Foundation, Inc.
-+#  Contributed by ARM Ltd.
-+#
-+#  This file is part of GCC.
-+#
-+#  GCC is free software; you can redistribute it and/or modify it
-+#  under the terms of the GNU General Public License as published by
-+#  the Free Software Foundation; either version 3, or (at your option)
-+#  any later version.
-+#
-+#  GCC is distributed in the hope that it will be useful, but
-+#  WITHOUT ANY WARRANTY; without even the implied warranty of
-+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+#  General Public License for more details.
-+#
-+#  You should have received a copy of the GNU General Public License
-+#  along with GCC; see the file COPYING3.  If not see
-+#  <http://www.gnu.org/licenses/>.  */
-+
-+# Exit immediately if this isn't an AArch64 target.
-+if {![istarget aarch64*-*-*] } then {
-+  return
-+}
-+
-+# Load support procs.
-+load_lib gcc-dg.exp
-+load_lib torture-options.exp
-+
-+# If a testcase doesn't have special options, use these.
-+global DEFAULT_CFLAGS
-+if ![info exists DEFAULT_CFLAGS] then {
-+    set DEFAULT_CFLAGS " "
-+}
-+
-+# Initialize `dg'.
-+dg-init
-+torture-init
-+
-+# Use different architectures as well as the normal optimisation options.
-+# (i.e. use both SB and DSB+ISB barriers).
-+
-+set save-dg-do-what-default ${dg-do-what-default}
-+# Main loop.
-+# Run with torture tests (i.e. a bunch of different optimisation levels) just
-+# to increase test coverage.
-+set dg-do-what-default assemble
-+gcc-dg-runtest [lsort [glob -nocomplain $srcdir/$subdir/*.\[cCS\]]] \
-+	"-save-temps" $DEFAULT_CFLAGS
-+
-+# Run the same tests but this time with SB extension.
-+# Since not all supported assemblers will support that extension we decide
-+# whether to assemble or just compile based on whether the extension is
-+# supported for the available assembler.
-+
-+set templist {}
-+foreach x $DG_TORTURE_OPTIONS {
-+  lappend templist "$x -march=armv8.3-a+sb "
-+  lappend templist "$x -march=armv8-a+sb "
-+}
-+set-torture-options $templist
-+if { [check_effective_target_aarch64_asm_sb_ok] } {
-+    set dg-do-what-default assemble
-+} else {
-+    set dg-do-what-default compile
-+}
-+gcc-dg-runtest [lsort [glob -nocomplain $srcdir/$subdir/*.\[cCS\]]] \
-+	"-save-temps" $DEFAULT_CFLAGS
-+set dg-do-what-default ${save-dg-do-what-default}
-+
-+# All done.
-+torture-finish
-+dg-finish
-diff --git a/gcc/testsuite/lib/target-supports.exp b/gcc/testsuite/lib/target-supports.exp
-index 8a186dd..9d2e093 100644
---- a/gcc/testsuite/lib/target-supports.exp
-+++ b/gcc/testsuite/lib/target-supports.exp
-@@ -9432,7 +9432,7 @@ proc check_effective_target_aarch64_tiny { } {
- # various architecture extensions via the .arch_extension pseudo-op.
- 
- foreach { aarch64_ext } { "fp" "simd" "crypto" "crc" "lse" "dotprod" "sve"
--			  "i8mm" "f32mm" "f64mm" "bf16" } {
-+			  "i8mm" "f32mm" "f64mm" "bf16" "sb" } {
-     eval [string map [list FUNC $aarch64_ext] {
- 	proc check_effective_target_aarch64_asm_FUNC_ok { } {
- 	  if { [istarget aarch64*-*-*] } {
--- 
-2.7.4
-
diff --git a/meta/recipes-devtools/gcc/gcc/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch b/meta/recipes-devtools/gcc/gcc/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch
deleted file mode 100644
index 716a367172..0000000000
--- a/meta/recipes-devtools/gcc/gcc/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch
+++ /dev/null
@@ -1,658 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From a5e7efc40ed841934c1d913f39476afa17d8e5f7 Mon Sep 17 00:00:00 2001
-From: Matthew Malcomson <matthew.malcomson@arm.com>
-Date: Thu, 9 Jul 2020 09:11:59 +0100
-Subject: [PATCH 3/3] aarch64: Mitigate SLS for BLR instruction
-
-This patch introduces the mitigation for Straight Line Speculation past
-the BLR instruction.
-
-This mitigation replaces BLR instructions with a BL to a stub which uses
-a BR to jump to the original value.  These function stubs are then
-appended with a speculation barrier to ensure no straight line
-speculation happens after these jumps.
-
-When optimising for speed we use a set of stubs for each function since
-this should help the branch predictor make more accurate predictions
-about where a stub should branch.
-
-When optimising for size we use one set of stubs for all functions.
-This set of stubs can have human readable names, and we are using
-`__call_indirect_x<N>` for register x<N>.
-
-When BTI branch protection is enabled the BLR instruction can jump to a
-`BTI c` instruction using any register, while the BR instruction can
-only jump to a `BTI c` instruction using the x16 or x17 registers.
-Hence, in order to ensure this transformation is safe we mov the value
-of the original register into x16 and use x16 for the BR.
-
-As an example when optimising for size:
-a
-    BLR x0
-instruction would get transformed to something like
-    BL __call_indirect_x0
-where __call_indirect_x0 labels a thunk that contains
-__call_indirect_x0:
-    MOV X16, X0
-    BR X16
-    <speculation barrier>
-
-The first version of this patch used local symbols specific to a
-compilation unit to try and avoid relocations.
-This was mistaken since functions coming from the same compilation unit
-can still be in different sections, and the assembler will insert
-relocations at jumps between sections.
-
-On any relocation the linker is permitted to emit a veneer to handle
-jumps between symbols that are very far apart.  The registers x16 and
-x17 may be clobbered by these veneers.
-Hence the function stubs cannot rely on the values of x16 and x17 being
-the same as just before the function stub is called.
-
-Similar can be said for the hot/cold partitioning of single functions,
-so function-local stubs have the same restriction.
-
-This updated version of the patch never emits function stubs for x16 and
-x17, and instead forces other registers to be used.
-
-Given the above, there is now no benefit to local symbols (since they
-are not enough to avoid dealing with linker intricacies).  This patch
-now uses global symbols with hidden visibility each stored in their own
-COMDAT section.  This means stubs can be shared between compilation
-units while still avoiding the PLT indirection.
-
-This patch also removes the `__call_indirect_x30` stub (and
-function-local equivalent) which would simply jump back to the original
-location.
-
-The function-local stubs are emitted to the assembly output file in one
-chunk, which means we need not add the speculation barrier directly
-after each one.
-This is because we know for certain that the instructions directly after
-the BR in all but the last function stub will be from another one of
-these stubs and hence will not contain a speculation gadget.
-Instead we add a speculation barrier at the end of the sequence of
-stubs.
-
-The global stubs are emitted in COMDAT/.linkonce sections by
-themselves so that the linker can remove duplicates from multiple object
-files.  This means they are not emitted in one chunk, and each one must
-include the speculation barrier.
-
-Another difference is that since the global stubs are shared across
-compilation units we do not know that all functions will be targeting an
-architecture supporting the SB instruction.
-Rather than provide multiple stubs for each architecture, we provide a
-stub that will work for all architectures -- using the DSB+ISB barrier.
-
-This mitigation does not apply for BLR instructions in the following
-places:
-- Some accesses to thread-local variables use a code sequence with a BLR
-  instruction.  This code sequence is part of the binary interface between
-  compiler and linker. If this BLR instruction needs to be mitigated, it'd
-  probably be best to do so in the linker. It seems that the code sequence
-  for thread-local variable access is unlikely to lead to a Spectre Revalation
-  Gadget.
-- PLT stubs are produced by the linker and each contain a BLR instruction.
-  It seems that at most only after the last PLT stub a Spectre Revalation
-  Gadget might appear.
-
-Testing:
-  Bootstrap and regtest on AArch64
-    (with BOOT_CFLAGS="-mharden-sls=retbr,blr")
-  Used a temporary hack(1) in gcc-dg.exp to use these options on every
-  test in the testsuite, a slight modification to emit the speculation
-  barrier after every function stub, and a script to check that the
-  output never emitted a BLR, or unmitigated BR or RET instruction.
-  Similar on an aarch64-none-elf cross-compiler.
-
-1) Temporary hack emitted a speculation barrier at the end of every stub
-function, and used a script to ensure that:
-  a) Every RET or BR is immediately followed by a speculation barrier.
-  b) No BLR instruction is emitted by compiler.
-
-gcc/ChangeLog:
-
-	* config/aarch64/aarch64-protos.h (aarch64_indirect_call_asm):
-	New declaration.
-	* config/aarch64/aarch64.c (aarch64_regno_regclass): Handle new
-	stub registers class.
-	(aarch64_class_max_nregs): Likewise.
-	(aarch64_register_move_cost): Likewise.
-	(aarch64_sls_shared_thunks): Global array to store stub labels.
-	(aarch64_sls_emit_function_stub): New.
-	(aarch64_create_blr_label): New.
-	(aarch64_sls_emit_blr_function_thunks): New.
-	(aarch64_sls_emit_shared_blr_thunks): New.
-	(aarch64_asm_file_end): New.
-	(aarch64_indirect_call_asm): New.
-	(TARGET_ASM_FILE_END): Use aarch64_asm_file_end.
-	(TARGET_ASM_FUNCTION_EPILOGUE): Use
-	aarch64_sls_emit_blr_function_thunks.
-	* config/aarch64/aarch64.h (STB_REGNUM_P): New.
-	(enum reg_class): Add STUB_REGS class.
-	(machine_function): Introduce `call_via` array for
-	function-local stub labels.
-	* config/aarch64/aarch64.md (*call_insn, *call_value_insn): Use
-	aarch64_indirect_call_asm to emit code when hardening BLR
-	instructions.
-	* config/aarch64/constraints.md (Ucr): New constraint
-	representing registers for indirect calls.  Is GENERAL_REGS
-	usually, and STUB_REGS when hardening BLR instruction against
-	SLS.
-	* config/aarch64/predicates.md (aarch64_general_reg): STUB_REGS class
-	is also a general register.
-
-gcc/testsuite/ChangeLog:
-
-	* gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c: New test.
-	* gcc.target/aarch64/sls-mitigation/sls-miti-blr.c: New test.
----
- gcc/config/aarch64/aarch64-protos.h                |   1 +
- gcc/config/aarch64/aarch64.c                       | 225 ++++++++++++++++++++-
- gcc/config/aarch64/aarch64.h                       |  15 ++
- gcc/config/aarch64/aarch64.md                      |  11 +-
- gcc/config/aarch64/constraints.md                  |   9 +
- gcc/config/aarch64/predicates.md                   |   3 +-
- .../aarch64/sls-mitigation/sls-miti-blr-bti.c      |  40 ++++
- .../aarch64/sls-mitigation/sls-miti-blr.c          |  33 +++
- 8 files changed, 328 insertions(+), 9 deletions(-)
- create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c
- create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c
-
-diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
-index ee0ffde..839f801 100644
---- a/gcc/config/aarch64/aarch64-protos.h
-+++ b/gcc/config/aarch64/aarch64-protos.h
-@@ -782,6 +782,7 @@ extern const atomic_ool_names aarch64_ool_ldeor_names;
- tree aarch64_resolve_overloaded_builtin_general (location_t, tree, void *);
- 
- const char *aarch64_sls_barrier (int);
-+const char *aarch64_indirect_call_asm (rtx);
- extern bool aarch64_harden_sls_retbr_p (void);
- extern bool aarch64_harden_sls_blr_p (void);
- 
-diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
-index 2389d49..0f7bba3 100644
---- a/gcc/config/aarch64/aarch64.c
-+++ b/gcc/config/aarch64/aarch64.c
-@@ -10605,6 +10605,9 @@ aarch64_label_mentioned_p (rtx x)
- enum reg_class
- aarch64_regno_regclass (unsigned regno)
- {
-+  if (STUB_REGNUM_P (regno))
-+    return STUB_REGS;
-+
-   if (GP_REGNUM_P (regno))
-     return GENERAL_REGS;
- 
-@@ -10939,6 +10942,7 @@ aarch64_class_max_nregs (reg_class_t regclass, machine_mode mode)
-   unsigned int nregs, vec_flags;
-   switch (regclass)
-     {
-+    case STUB_REGS:
-     case TAILCALL_ADDR_REGS:
-     case POINTER_REGS:
-     case GENERAL_REGS:
-@@ -13155,10 +13159,12 @@ aarch64_register_move_cost (machine_mode mode,
-     = aarch64_tune_params.regmove_cost;
- 
-   /* Caller save and pointer regs are equivalent to GENERAL_REGS.  */
--  if (to == TAILCALL_ADDR_REGS || to == POINTER_REGS)
-+  if (to == TAILCALL_ADDR_REGS || to == POINTER_REGS
-+      || to == STUB_REGS)
-     to = GENERAL_REGS;
- 
--  if (from == TAILCALL_ADDR_REGS || from == POINTER_REGS)
-+  if (from == TAILCALL_ADDR_REGS || from == POINTER_REGS
-+      || from == STUB_REGS)
-     from = GENERAL_REGS;
- 
-   /* Make RDFFR very expensive.  In particular, if we know that the FFR
-@@ -22957,6 +22963,215 @@ aarch64_sls_barrier (int mitigation_required)
-     : "";
- }
- 
-+static GTY (()) tree aarch64_sls_shared_thunks[30];
-+static GTY (()) bool aarch64_sls_shared_thunks_needed = false;
-+const char *indirect_symbol_names[30] = {
-+    "__call_indirect_x0",
-+    "__call_indirect_x1",
-+    "__call_indirect_x2",
-+    "__call_indirect_x3",
-+    "__call_indirect_x4",
-+    "__call_indirect_x5",
-+    "__call_indirect_x6",
-+    "__call_indirect_x7",
-+    "__call_indirect_x8",
-+    "__call_indirect_x9",
-+    "__call_indirect_x10",
-+    "__call_indirect_x11",
-+    "__call_indirect_x12",
-+    "__call_indirect_x13",
-+    "__call_indirect_x14",
-+    "__call_indirect_x15",
-+    "", /* "__call_indirect_x16",  */
-+    "", /* "__call_indirect_x17",  */
-+    "__call_indirect_x18",
-+    "__call_indirect_x19",
-+    "__call_indirect_x20",
-+    "__call_indirect_x21",
-+    "__call_indirect_x22",
-+    "__call_indirect_x23",
-+    "__call_indirect_x24",
-+    "__call_indirect_x25",
-+    "__call_indirect_x26",
-+    "__call_indirect_x27",
-+    "__call_indirect_x28",
-+    "__call_indirect_x29",
-+};
-+
-+/* Function to create a BLR thunk.  This thunk is used to mitigate straight
-+   line speculation.  Instead of a simple BLR that can be speculated past,
-+   we emit a BL to this thunk, and this thunk contains a BR to the relevant
-+   register.  These thunks have the relevant speculation barries put after
-+   their indirect branch so that speculation is blocked.
-+
-+   We use such a thunk so the speculation barriers are kept off the
-+   architecturally executed path in order to reduce the performance overhead.
-+
-+   When optimizing for size we use stubs shared by the linked object.
-+   When optimizing for performance we emit stubs for each function in the hope
-+   that the branch predictor can better train on jumps specific for a given
-+   function.  */
-+rtx
-+aarch64_sls_create_blr_label (int regnum)
-+{
-+  gcc_assert (STUB_REGNUM_P (regnum));
-+  if (optimize_function_for_size_p (cfun))
-+    {
-+      /* For the thunks shared between different functions in this compilation
-+	 unit we use a named symbol -- this is just for users to more easily
-+	 understand the generated assembly.  */
-+      aarch64_sls_shared_thunks_needed = true;
-+      const char *thunk_name = indirect_symbol_names[regnum];
-+      if (aarch64_sls_shared_thunks[regnum] == NULL)
-+	{
-+	  /* Build a decl representing this function stub and record it for
-+	     later.  We build a decl here so we can use the GCC machinery for
-+	     handling sections automatically (through `get_named_section` and
-+	     `make_decl_one_only`).  That saves us a lot of trouble handling
-+	     the specifics of different output file formats.  */
-+	  tree decl = build_decl (BUILTINS_LOCATION, FUNCTION_DECL,
-+				  get_identifier (thunk_name),
-+				  build_function_type_list (void_type_node,
-+							    NULL_TREE));
-+	  DECL_RESULT (decl) = build_decl (BUILTINS_LOCATION, RESULT_DECL,
-+					   NULL_TREE, void_type_node);
-+	  TREE_PUBLIC (decl) = 1;
-+	  TREE_STATIC (decl) = 1;
-+	  DECL_IGNORED_P (decl) = 1;
-+	  DECL_ARTIFICIAL (decl) = 1;
-+	  make_decl_one_only (decl, DECL_ASSEMBLER_NAME (decl));
-+	  resolve_unique_section (decl, 0, false);
-+	  aarch64_sls_shared_thunks[regnum] = decl;
-+	}
-+
-+      return gen_rtx_SYMBOL_REF (Pmode, thunk_name);
-+    }
-+
-+  if (cfun->machine->call_via[regnum] == NULL)
-+    cfun->machine->call_via[regnum]
-+      = gen_rtx_LABEL_REF (Pmode, gen_label_rtx ());
-+  return cfun->machine->call_via[regnum];
-+}
-+
-+/* Helper function for aarch64_sls_emit_blr_function_thunks and
-+   aarch64_sls_emit_shared_blr_thunks below.  */
-+static void
-+aarch64_sls_emit_function_stub (FILE *out_file, int regnum)
-+{
-+  /* Save in x16 and branch to that function so this transformation does
-+     not prevent jumping to `BTI c` instructions.  */
-+  asm_fprintf (out_file, "\tmov\tx16, x%d\n", regnum);
-+  asm_fprintf (out_file, "\tbr\tx16\n");
-+}
-+
-+/* Emit all BLR stubs for this particular function.
-+   Here we emit all the BLR stubs needed for the current function.  Since we
-+   emit these stubs in a consecutive block we know there will be no speculation
-+   gadgets between each stub, and hence we only emit a speculation barrier at
-+   the end of the stub sequences.
-+
-+   This is called in the TARGET_ASM_FUNCTION_EPILOGUE hook.  */
-+void
-+aarch64_sls_emit_blr_function_thunks (FILE *out_file)
-+{
-+  if (! aarch64_harden_sls_blr_p ())
-+    return;
-+
-+  bool any_functions_emitted = false;
-+  /* We must save and restore the current function section since this assembly
-+     is emitted at the end of the function.  This means it can be emitted *just
-+     after* the cold section of a function.  That cold part would be emitted in
-+     a different section.  That switch would trigger a `.cfi_endproc` directive
-+     to be emitted in the original section and a `.cfi_startproc` directive to
-+     be emitted in the new section.  Switching to the original section without
-+     restoring would mean that the `.cfi_endproc` emitted as a function ends
-+     would happen in a different section -- leaving an unmatched
-+     `.cfi_startproc` in the cold text section and an unmatched `.cfi_endproc`
-+     in the standard text section.  */
-+  section *save_text_section = in_section;
-+  switch_to_section (function_section (current_function_decl));
-+  for (int regnum = 0; regnum < 30; ++regnum)
-+    {
-+      rtx specu_label = cfun->machine->call_via[regnum];
-+      if (specu_label == NULL)
-+	continue;
-+
-+      targetm.asm_out.print_operand (out_file, specu_label, 0);
-+      asm_fprintf (out_file, ":\n");
-+      aarch64_sls_emit_function_stub (out_file, regnum);
-+      any_functions_emitted = true;
-+    }
-+  if (any_functions_emitted)
-+    /* Can use the SB if needs be here, since this stub will only be used
-+      by the current function, and hence for the current target.  */
-+    asm_fprintf (out_file, "\t%s\n", aarch64_sls_barrier (true));
-+  switch_to_section (save_text_section);
-+}
-+
-+/* Emit shared BLR stubs for the current compilation unit.
-+   Over the course of compiling this unit we may have converted some BLR
-+   instructions to a BL to a shared stub function.  This is where we emit those
-+   stub functions.
-+   This function is for the stubs shared between different functions in this
-+   compilation unit.  We share when optimizing for size instead of speed.
-+
-+   This function is called through the TARGET_ASM_FILE_END hook.  */
-+void
-+aarch64_sls_emit_shared_blr_thunks (FILE *out_file)
-+{
-+  if (! aarch64_sls_shared_thunks_needed)
-+    return;
-+
-+  for (int regnum = 0; regnum < 30; ++regnum)
-+    {
-+      tree decl = aarch64_sls_shared_thunks[regnum];
-+      if (!decl)
-+	continue;
-+
-+      const char *name = indirect_symbol_names[regnum];
-+      switch_to_section (get_named_section (decl, NULL, 0));
-+      ASM_OUTPUT_ALIGN (out_file, 2);
-+      targetm.asm_out.globalize_label (out_file, name);
-+      /* Only emits if the compiler is configured for an assembler that can
-+	 handle visibility directives.  */
-+      targetm.asm_out.assemble_visibility (decl, VISIBILITY_HIDDEN);
-+      ASM_OUTPUT_TYPE_DIRECTIVE (out_file, name, "function");
-+      ASM_OUTPUT_LABEL (out_file, name);
-+      aarch64_sls_emit_function_stub (out_file, regnum);
-+      /* Use the most conservative target to ensure it can always be used by any
-+	 function in the translation unit.  */
-+      asm_fprintf (out_file, "\tdsb\tsy\n\tisb\n");
-+      ASM_DECLARE_FUNCTION_SIZE (out_file, name, decl);
-+    }
-+}
-+
-+/* Implement TARGET_ASM_FILE_END.  */
-+void
-+aarch64_asm_file_end ()
-+{
-+  aarch64_sls_emit_shared_blr_thunks (asm_out_file);
-+  /* Since this function will be called for the ASM_FILE_END hook, we ensure
-+     that what would be called otherwise (e.g. `file_end_indicate_exec_stack`
-+     for FreeBSD) still gets called.  */
-+#ifdef TARGET_ASM_FILE_END
-+  TARGET_ASM_FILE_END ();
-+#endif
-+}
-+
-+const char *
-+aarch64_indirect_call_asm (rtx addr)
-+{
-+  gcc_assert (REG_P (addr));
-+  if (aarch64_harden_sls_blr_p ())
-+    {
-+      rtx stub_label = aarch64_sls_create_blr_label (REGNO (addr));
-+      output_asm_insn ("bl\t%0", &stub_label);
-+    }
-+  else
-+   output_asm_insn ("blr\t%0", &addr);
-+  return "";
-+}
-+
- /* Target-specific selftests.  */
- 
- #if CHECKING_P
-@@ -23507,6 +23722,12 @@ aarch64_libgcc_floating_mode_supported_p
- #undef TARGET_MD_ASM_ADJUST
- #define TARGET_MD_ASM_ADJUST arm_md_asm_adjust
- 
-+#undef TARGET_ASM_FILE_END
-+#define TARGET_ASM_FILE_END aarch64_asm_file_end
-+
-+#undef TARGET_ASM_FUNCTION_EPILOGUE
-+#define TARGET_ASM_FUNCTION_EPILOGUE aarch64_sls_emit_blr_function_thunks
-+
- struct gcc_target targetm = TARGET_INITIALIZER;
- 
- #include "gt-aarch64.h"
-diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
-index 8e0fc37..7331450 100644
---- a/gcc/config/aarch64/aarch64.h
-+++ b/gcc/config/aarch64/aarch64.h
-@@ -643,6 +643,16 @@ extern unsigned aarch64_architecture_version;
- #define GP_REGNUM_P(REGNO)						\
-   (((unsigned) (REGNO - R0_REGNUM)) <= (R30_REGNUM - R0_REGNUM))
- 
-+/* Registers known to be preserved over a BL instruction.  This consists of the
-+   GENERAL_REGS without x16, x17, and x30.  The x30 register is changed by the
-+   BL instruction itself, while the x16 and x17 registers may be used by
-+   veneers which can be inserted by the linker.  */
-+#define STUB_REGNUM_P(REGNO) \
-+  (GP_REGNUM_P (REGNO) \
-+   && (REGNO) != R16_REGNUM \
-+   && (REGNO) != R17_REGNUM \
-+   && (REGNO) != R30_REGNUM) \
-+
- #define FP_REGNUM_P(REGNO)			\
-   (((unsigned) (REGNO - V0_REGNUM)) <= (V31_REGNUM - V0_REGNUM))
- 
-@@ -667,6 +677,7 @@ enum reg_class
- {
-   NO_REGS,
-   TAILCALL_ADDR_REGS,
-+  STUB_REGS,
-   GENERAL_REGS,
-   STACK_REG,
-   POINTER_REGS,
-@@ -689,6 +700,7 @@ enum reg_class
- {						\
-   "NO_REGS",					\
-   "TAILCALL_ADDR_REGS",				\
-+  "STUB_REGS",					\
-   "GENERAL_REGS",				\
-   "STACK_REG",					\
-   "POINTER_REGS",				\
-@@ -708,6 +720,7 @@ enum reg_class
- {									\
-   { 0x00000000, 0x00000000, 0x00000000 },	/* NO_REGS */		\
-   { 0x00030000, 0x00000000, 0x00000000 },	/* TAILCALL_ADDR_REGS */\
-+  { 0x3ffcffff, 0x00000000, 0x00000000 },	/* STUB_REGS */		\
-   { 0x7fffffff, 0x00000000, 0x00000003 },	/* GENERAL_REGS */	\
-   { 0x80000000, 0x00000000, 0x00000000 },	/* STACK_REG */		\
-   { 0xffffffff, 0x00000000, 0x00000003 },	/* POINTER_REGS */	\
-@@ -862,6 +875,8 @@ typedef struct GTY (()) machine_function
-   struct aarch64_frame frame;
-   /* One entry for each hard register.  */
-   bool reg_is_wrapped_separately[LAST_SAVED_REGNUM];
-+  /* One entry for each general purpose register.  */
-+  rtx call_via[SP_REGNUM];
-   bool label_is_assembled;
- } machine_function;
- #endif
-diff --git a/gcc/config/aarch64/aarch64.md b/gcc/config/aarch64/aarch64.md
-index dda04ee..43da754 100644
---- a/gcc/config/aarch64/aarch64.md
-+++ b/gcc/config/aarch64/aarch64.md
-@@ -1022,16 +1022,15 @@
- )
- 
- (define_insn "*call_insn"
--  [(call (mem:DI (match_operand:DI 0 "aarch64_call_insn_operand" "r, Usf"))
-+  [(call (mem:DI (match_operand:DI 0 "aarch64_call_insn_operand" "Ucr, Usf"))
- 	 (match_operand 1 "" ""))
-    (unspec:DI [(match_operand:DI 2 "const_int_operand")] UNSPEC_CALLEE_ABI)
-    (clobber (reg:DI LR_REGNUM))]
-   ""
-   "@
--  blr\\t%0
-+  * return aarch64_indirect_call_asm (operands[0]);
-   bl\\t%c0"
--  [(set_attr "type" "call, call")]
--)
-+  [(set_attr "type" "call, call")])
- 
- (define_expand "call_value"
-   [(parallel
-@@ -1050,13 +1049,13 @@
- 
- (define_insn "*call_value_insn"
-   [(set (match_operand 0 "" "")
--	(call (mem:DI (match_operand:DI 1 "aarch64_call_insn_operand" "r, Usf"))
-+	(call (mem:DI (match_operand:DI 1 "aarch64_call_insn_operand" "Ucr, Usf"))
- 		      (match_operand 2 "" "")))
-    (unspec:DI [(match_operand:DI 3 "const_int_operand")] UNSPEC_CALLEE_ABI)
-    (clobber (reg:DI LR_REGNUM))]
-   ""
-   "@
--  blr\\t%1
-+  * return aarch64_indirect_call_asm (operands[1]);
-   bl\\t%c1"
-   [(set_attr "type" "call, call")]
- )
-diff --git a/gcc/config/aarch64/constraints.md b/gcc/config/aarch64/constraints.md
-index d993268..8cc6f50 100644
---- a/gcc/config/aarch64/constraints.md
-+++ b/gcc/config/aarch64/constraints.md
-@@ -24,6 +24,15 @@
- (define_register_constraint "Ucs" "TAILCALL_ADDR_REGS"
-   "@internal Registers suitable for an indirect tail call")
- 
-+(define_register_constraint "Ucr"
-+    "aarch64_harden_sls_blr_p () ? STUB_REGS : GENERAL_REGS"
-+  "@internal Registers to be used for an indirect call.
-+   This is usually the general registers, but when we are hardening against
-+   Straight Line Speculation we disallow x16, x17, and x30 so we can use
-+   indirection stubs.  These indirection stubs cannot use the above registers
-+   since they will be reached by a BL that may have to go through a linker
-+   veneer.")
-+
- (define_register_constraint "w" "FP_REGS"
-   "Floating point and SIMD vector registers.")
- 
-diff --git a/gcc/config/aarch64/predicates.md b/gcc/config/aarch64/predicates.md
-index 215fcec..1754b1e 100644
---- a/gcc/config/aarch64/predicates.md
-+++ b/gcc/config/aarch64/predicates.md
-@@ -32,7 +32,8 @@
- 
- (define_predicate "aarch64_general_reg"
-   (and (match_operand 0 "register_operand")
--       (match_test "REGNO_REG_CLASS (REGNO (op)) == GENERAL_REGS")))
-+       (match_test "REGNO_REG_CLASS (REGNO (op)) == STUB_REGS
-+		    || REGNO_REG_CLASS (REGNO (op)) == GENERAL_REGS")))
- 
- ;; Return true if OP a (const_int 0) operand.
- (define_predicate "const0_operand"
-diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c
-new file mode 100644
-index 0000000..b1fb754
---- /dev/null
-+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c
-@@ -0,0 +1,40 @@
-+/* { dg-do compile } */
-+/* { dg-additional-options "-mharden-sls=blr -mbranch-protection=bti" } */
-+/*
-+   Ensure that the SLS hardening of BLR leaves no BLR instructions.
-+   Here we also check that there are no BR instructions with anything except an
-+   x16 or x17 register.  This is because a `BTI c` instruction can be branched
-+   to using a BLR instruction using any register, but can only be branched to
-+   with a BR using an x16 or x17 register.
-+  */
-+typedef int (foo) (int, int);
-+typedef void (bar) (int, int);
-+struct sls_testclass {
-+    foo *x;
-+    bar *y;
-+    int left;
-+    int right;
-+};
-+
-+/* We test both RTL patterns for a call which returns a value and a call which
-+   does not.  */
-+int blr_call_value (struct sls_testclass x)
-+{
-+  int retval = x.x(x.left, x.right);
-+  if (retval % 10)
-+    return 100;
-+  return 9;
-+}
-+
-+int blr_call (struct sls_testclass x)
-+{
-+  x.y(x.left, x.right);
-+  if (x.left % 10)
-+    return 100;
-+  return 9;
-+}
-+
-+/* { dg-final { scan-assembler-not {\tblr\t} } } */
-+/* { dg-final { scan-assembler-not {\tbr\tx(?!16|17)} } } */
-+/* { dg-final { scan-assembler {\tbr\tx(16|17)} } } */
-+
-diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c
-new file mode 100644
-index 0000000..88bafff
---- /dev/null
-+++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c
-@@ -0,0 +1,33 @@
-+/* { dg-additional-options "-mharden-sls=blr -save-temps" } */
-+/* Ensure that the SLS hardening of BLR leaves no BLR instructions.
-+   We only test that all BLR instructions have been removed, not that the
-+   resulting code makes sense.  */
-+typedef int (foo) (int, int);
-+typedef void (bar) (int, int);
-+struct sls_testclass {
-+    foo *x;
-+    bar *y;
-+    int left;
-+    int right;
-+};
-+
-+/* We test both RTL patterns for a call which returns a value and a call which
-+   does not.  */
-+int blr_call_value (struct sls_testclass x)
-+{
-+  int retval = x.x(x.left, x.right);
-+  if (retval % 10)
-+    return 100;
-+  return 9;
-+}
-+
-+int blr_call (struct sls_testclass x)
-+{
-+  x.y(x.left, x.right);
-+  if (x.left % 10)
-+    return 100;
-+  return 9;
-+}
-+
-+/* { dg-final { scan-assembler-not {\tblr\t} } } */
-+/* { dg-final { scan-assembler {\tbr\tx[0-9][0-9]?} } } */
--- 
-2.7.4
-
diff --git a/meta/recipes-devtools/gcc/gcc/0012-gcc-Fix-argument-list-too-long-error.patch b/meta/recipes-devtools/gcc/gcc/0012-gcc-Fix-argument-list-too-long-error.patch
index 88e1715b5c..03d7a41633 100644
--- a/meta/recipes-devtools/gcc/gcc/0012-gcc-Fix-argument-list-too-long-error.patch
+++ b/meta/recipes-devtools/gcc/gcc/0012-gcc-Fix-argument-list-too-long-error.patch
@@ -30,9 +30,8 @@ diff --git a/gcc/Makefile.in b/gcc/Makefile.in
 index a67d2cc18d6..480c9366418 100644
 --- a/gcc/Makefile.in
 +++ b/gcc/Makefile.in
-@@ -3606,7 +3606,7 @@ install-plugin: installdirs lang.install-plugin s-header-vars install-gengtype
- # We keep the directory structure for files in config or c-family and .def
- # files. All other files are flattened to a single directory.
+ # We keep the directory structure for files in config, common/config or
+ # c-family and .def files. All other files are flattened to a single directory.
  	$(mkinstalldirs) $(DESTDIR)$(plugin_includedir)
 -	headers=`echo $(PLUGIN_HEADERS) $$(cd $(srcdir); echo *.h *.def) | tr ' ' '\012' | sort -u`; \
 +	headers=`echo $(sort $(PLUGIN_HEADERS)) $$(cd $(srcdir); echo *.h *.def) | tr ' ' '\012' | sort -u`; \
diff --git a/meta/recipes-devtools/gcc/gcc/0033-Re-introduce-spe-commandline-options.patch b/meta/recipes-devtools/gcc/gcc/0033-Re-introduce-spe-commandline-options.patch
index ba7c2b8fd5..43d881fa5e 100644
--- a/meta/recipes-devtools/gcc/gcc/0033-Re-introduce-spe-commandline-options.patch
+++ b/meta/recipes-devtools/gcc/gcc/0033-Re-introduce-spe-commandline-options.patch
@@ -33,6 +33,6 @@ index f95b8279270..0e52d51409d 100644
 +Target RejectNegative Var(rs6000_spe_abi, 0)
 +Do not use the SPE ABI extensions.
 +
+ ; Altivec ABI
  mabi=altivec
  Target RejectNegative Var(rs6000_altivec_abi) Save
- Use the AltiVec ABI extensions.
diff --git a/meta/recipes-devtools/gcc/gcc/0036-mingw32-Enable-operation_not_supported.patch b/meta/recipes-devtools/gcc/gcc/0036-mingw32-Enable-operation_not_supported.patch
index de82a3a539..4db3d15554 100644
--- a/meta/recipes-devtools/gcc/gcc/0036-mingw32-Enable-operation_not_supported.patch
+++ b/meta/recipes-devtools/gcc/gcc/0036-mingw32-Enable-operation_not_supported.patch
@@ -16,11 +16,11 @@ index 68ac72a78fb..71cd5815b81 100644
 --- a/libstdc++-v3/config/os/mingw32/error_constants.h
 +++ b/libstdc++-v3/config/os/mingw32/error_constants.h
 @@ -107,7 +107,7 @@ _GLIBCXX_BEGIN_NAMESPACE_VERSION
- #ifdef _GLIBCXX_HAVE_EPERM
+ #ifdef EPERM
        operation_not_permitted = 		EPERM,
  #endif
 -//    operation_not_supported = 		EOPNOTSUPP,
 +      operation_not_supported = 		EOPNOTSUPP,
- #ifdef _GLIBCXX_HAVE_EWOULDBLOCK
+ #ifdef EWOULDBLOCK
        operation_would_block = 			EWOULDBLOCK,
  #endif
diff --git a/meta/recipes-devtools/gcc/gcc/0038-arm-neoverse-n2-support.patch b/meta/recipes-devtools/gcc/gcc/0038-arm-neoverse-n2-support.patch
deleted file mode 100644
index 3e42266b81..0000000000
--- a/meta/recipes-devtools/gcc/gcc/0038-arm-neoverse-n2-support.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From d7e8411f6a333d4054894ad3b23f23415a525230 Mon Sep 17 00:00:00 2001
-From: Alex Coplan <alex.coplan@arm.com>
-Date: Fri, 2 Oct 2020 16:06:15 +0100
-Subject: [PATCH] arm: Add support for Neoverse N2 CPU
-
-This patch backports the AArch32 support for Arm's Neoverse N2 CPU to
-GCC 10.
-
-gcc/ChangeLog:
-
-	* config/arm/arm-cpus.in (neoverse-n2): New.
-	* config/arm/arm-tables.opt: Regenerate.
-	* config/arm/arm-tune.md: Regenerate.
-	* doc/invoke.texi: Document support for Neoverse N2.
-
-Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=d7e8411f6a333d4054894ad3b23f23415a525230]
-
-Signed-off-by: pgowda <pgowda.cve@gmail.com>
----
- gcc/config/arm/arm-cpus.in    | 12 ++++++++++++
- gcc/config/arm/arm-tables.opt |  3 +++
- gcc/config/arm/arm-tune.md    |  5 +++--
- gcc/doc/invoke.texi           |  6 +++---
- 4 files changed, 21 insertions(+), 5 deletions(-)
-
-diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in
---- a/gcc/config/arm/arm-cpus.in	2021-12-20 20:24:59.912159845 -0800
-+++ b/gcc/config/arm/arm-cpus.in	2021-12-20 21:00:04.417003845 -0800
-@@ -1481,6 +1481,18 @@ begin cpu cortex-a76.cortex-a55
-  costs cortex_a57
- end cpu cortex-a76.cortex-a55
- 
-+# Armv8.5 A-profile Architecture Processors
-+begin cpu neoverse-n2
-+  cname neoversen2
-+  tune for cortex-a57
-+  tune flags LDSCHED
-+  architecture armv8.5-a+fp16+bf16+i8mm
-+  option crypto add FP_ARMv8 CRYPTO
-+  costs cortex_a57
-+  vendor 41
-+  part 0xd49
-+end cpu neoverse-n2
-+
- # V8 M-profile implementations.
- begin cpu cortex-m23
-  cname cortexm23
-diff --git a/gcc/config/arm/arm-tables.opt b/gcc/config/arm/arm-tables.opt
---- a/gcc/config/arm/arm-tables.opt	2020-07-22 23:35:54.688795958 -0700
-+++ b/gcc/config/arm/arm-tables.opt	2021-12-20 21:00:04.421003776 -0800
-@@ -253,6 +253,9 @@ EnumValue
- Enum(processor_type) String(cortex-m23) Value( TARGET_CPU_cortexm23)
- 
- EnumValue
-+Enum(processor_type) String(neoverse-n2) Value( TARGET_CPU_neoversen2)
-+
-+EnumValue
- Enum(processor_type) String(cortex-m33) Value( TARGET_CPU_cortexm33)
- 
- EnumValue
-diff --git a/gcc/config/arm/arm-tune.md b/gcc/config/arm/arm-tune.md
---- a/gcc/config/arm/arm-tune.md	2020-07-22 23:35:54.684795913 -0700
-+++ b/gcc/config/arm/arm-tune.md	2021-12-20 21:02:44.630260284 -0800
-@@ -46,6 +46,6 @@
- 	cortexa73cortexa53,cortexa55,cortexa75,
- 	cortexa76,cortexa76ae,cortexa77,
- 	neoversen1,cortexa75cortexa55,cortexa76cortexa55,
--	cortexm23,cortexm33,cortexm35p,
--	cortexm55,cortexr52"
-+	neoversen2,cortexm23,cortexm33,
-+	cortexm35p,cortexm55,cortexr52"
- 	(const (symbol_ref "((enum attr_tune) arm_tune)")))
-diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
---- a/gcc/doc/invoke.texi	2021-12-20 20:24:59.916159782 -0800
-+++ b/gcc/doc/invoke.texi	2021-12-20 21:03:41.337290704 -0800
-@@ -18857,9 +18857,9 @@ Permissible names are: @samp{arm7tdmi},
- @samp{cortex-m35p}, @samp{cortex-m55},
- @samp{cortex-m1.small-multiply}, @samp{cortex-m0.small-multiply},
- @samp{cortex-m0plus.small-multiply}, @samp{exynos-m1}, @samp{marvell-pj4},
--@samp{neoverse-n1}, @samp{xscale}, @samp{iwmmxt}, @samp{iwmmxt2},
--@samp{ep9312}, @samp{fa526}, @samp{fa626}, @samp{fa606te}, @samp{fa626te},
--@samp{fmp626}, @samp{fa726te}, @samp{xgene1}.
-+@samp{neoverse-n1}, @samp{neoverse-n2}, @samp{xscale}, @samp{iwmmxt},
-+@samp{iwmmxt2}, @samp{ep9312}, @samp{fa526}, @samp{fa626}, @samp{fa606te},
-+@samp{fa626te}, @samp{fmp626}, @samp{fa726te}, @samp{xgene1}.
- 
- Additionally, this option can specify that GCC should tune the performance
- of the code for a big.LITTLE system.  Permissible names are:
diff --git a/meta/recipes-devtools/gcc/gcc/0039-arm64-neoverse-n2-support.patch b/meta/recipes-devtools/gcc/gcc/0039-arm64-neoverse-n2-support.patch
deleted file mode 100644
index b3e0f396bd..0000000000
--- a/meta/recipes-devtools/gcc/gcc/0039-arm64-neoverse-n2-support.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 9428e9267435a62f672e2ba42df46432c021a9cf Mon Sep 17 00:00:00 2001
-From: Alex Coplan <alex.coplan@arm.com>
-Date: Tue, 29 Sep 2020 17:09:09 +0100
-Subject: [PATCH] aarch64: Add support for Neoverse N2 CPU
-
-This patch backports the AArch64 support for Arm's Neoverse N2 CPU to
-GCC 10.
-
-gcc/ChangeLog:
-
-	* config/aarch64/aarch64-cores.def: Add Neoverse N2.
-	* config/aarch64/aarch64-tune.md: Regenerate.
-	* doc/invoke.texi: Document AArch64 support for Neoverse N2.
-
-Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=9428e9267435a62f672e2ba42df46432c021a9cf]
-
-Signed-off-by: pgowda <pgowda.cve@gmail.com>
----
- gcc/config/aarch64/aarch64-cores.def | 3 +++
- gcc/config/aarch64/aarch64-tune.md   | 2 +-
- gcc/doc/invoke.texi                  | 4 ++--
- 3 files changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/gcc/config/aarch64/aarch64-cores.def b/gcc/config/aarch64/aarch64-cores.def
---- a/gcc/config/aarch64/aarch64-cores.def	2020-07-22 23:35:17.320384289 -0700
-+++ b/gcc/config/aarch64/aarch64-cores.def	2021-12-21 01:08:45.518472342 -0800
-@@ -135,6 +135,9 @@ AARCH64_CORE("zeus", zeus, cortexa57, 8_
- /* Qualcomm ('Q') cores. */
- AARCH64_CORE("saphira",     saphira,    saphira,    8_4A,  AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_CRYPTO | AARCH64_FL_RCPC, saphira,   0x51, 0xC01, -1)
- 
-+/* Armv8.5-A Architecture Processors.  */
-+AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoversen1, 0x41, 0xd49, -1)
-+
- /* ARMv8-A big.LITTLE implementations.  */
- 
- AARCH64_CORE("cortex-a57.cortex-a53",  cortexa57cortexa53, cortexa53, 8A,  AARCH64_FL_FOR_ARCH8 | AARCH64_FL_CRC, cortexa57, 0x41, AARCH64_BIG_LITTLE (0xd07, 0xd03), -1)
-diff --git a/gcc/config/aarch64/aarch64-tune.md b/gcc/config/aarch64/aarch64-tune.md
---- a/gcc/config/aarch64/aarch64-tune.md	2020-07-22 23:35:54.684795913 -0700
-+++ b/gcc/config/aarch64/aarch64-tune.md	2021-12-21 01:09:56.829252050 -0800
-@@ -1,5 +1,5 @@
- ;; -*- buffer-read-only: t -*-
- ;; Generated automatically by gentune.sh from aarch64-cores.def
- (define_attr "tune"
--	"cortexa34,cortexa35,cortexa53,cortexa57,cortexa72,cortexa73,thunderx,thunderxt88p1,thunderxt88,octeontx,octeontxt81,octeontxt83,thunderxt81,thunderxt83,emag,xgene1,falkor,qdf24xx,exynosm1,phecda,thunderx2t99p1,vulcan,thunderx2t99,cortexa55,cortexa75,cortexa76,cortexa76ae,cortexa77,cortexa65,cortexa65ae,ares,neoversen1,neoversee1,octeontx2,octeontx2t98,octeontx2t96,octeontx2t93,octeontx2f95,octeontx2f95n,octeontx2f95mm,tsv110,thunderx3t110,zeus,saphira,cortexa57cortexa53,cortexa72cortexa53,cortexa73cortexa35,cortexa73cortexa53,cortexa75cortexa55,cortexa76cortexa55"
-+	"cortexa34,cortexa35,cortexa53,cortexa57,cortexa72,cortexa73,thunderx,thunderxt88p1,thunderxt88,octeontx,octeontxt81,octeontxt83,thunderxt81,thunderxt83,emag,xgene1,falkor,qdf24xx,exynosm1,phecda,thunderx2t99p1,vulcan,thunderx2t99,cortexa55,cortexa75,cortexa76,cortexa76ae,cortexa77,cortexa65,cortexa65ae,ares,neoversen1,neoversee1,octeontx2,octeontx2t98,octeontx2t96,octeontx2t93,octeontx2f95,octeontx2f95n,octeontx2f95mm,tsv110,thunderx3t110,zeus,neoversen2,saphira,cortexa57cortexa53,cortexa72cortexa53,cortexa73cortexa35,cortexa73cortexa53,cortexa75cortexa55,cortexa76cortexa55"
- 	(const (symbol_ref "((enum attr_tune) aarch64_tune)")))
-diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
---- a/gcc/doc/invoke.texi	2021-12-21 00:50:18.345426447 -0800
-+++ b/gcc/doc/invoke.texi	2021-12-21 01:11:18.547853686 -0800
-@@ -17010,8 +17010,8 @@ performance of the code.  Permissible va
- @samp{cortex-a57}, @samp{cortex-a72}, @samp{cortex-a73}, @samp{cortex-a75},
- @samp{cortex-a76}, @samp{cortex-a76ae}, @samp{cortex-a77},
- @samp{cortex-a65}, @samp{cortex-a65ae}, @samp{cortex-a34},
--@samp{ares}, @samp{exynos-m1}, @samp{emag}, @samp{falkor},
--@samp{neoverse-e1},@samp{neoverse-n1},@samp{qdf24xx}, @samp{saphira},
-+@samp{ares}, @samp{exynos-m1}, @samp{emag}, @samp{falkor}, @samp{neoverse-e1},
-+@samp{neoverse-n1}, @samp{neoverse-n2}, @samp{qdf24xx}, @samp{saphira},
- @samp{phecda}, @samp{xgene1}, @samp{vulcan}, @samp{octeontx},
- @samp{octeontx81},  @samp{octeontx83},
- @samp{octeontx2}, @samp{octeontx2t98}, @samp{octeontx2t96}
diff --git a/meta/recipes-devtools/gcc/gcc_10.2.bb b/meta/recipes-devtools/gcc/gcc_10.3.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc_10.2.bb
rename to meta/recipes-devtools/gcc/gcc_10.3.bb
diff --git a/meta/recipes-devtools/gcc/libgcc-initial_10.2.bb b/meta/recipes-devtools/gcc/libgcc-initial_10.3.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/libgcc-initial_10.2.bb
rename to meta/recipes-devtools/gcc/libgcc-initial_10.3.bb
diff --git a/meta/recipes-devtools/gcc/libgcc_10.2.bb b/meta/recipes-devtools/gcc/libgcc_10.3.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/libgcc_10.2.bb
rename to meta/recipes-devtools/gcc/libgcc_10.3.bb
diff --git a/meta/recipes-devtools/gcc/libgfortran_10.2.bb b/meta/recipes-devtools/gcc/libgfortran_10.3.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/libgfortran_10.2.bb
rename to meta/recipes-devtools/gcc/libgfortran_10.3.bb
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 08/17] glibc: upgrade glibc-2.33 to latest version
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (6 preceding siblings ...)
  2022-01-27  5:10 ` [hardknott][PATCH 07/17] gcc: upgrade to gcc-10.3 version Anuj Mittal
@ 2022-01-27  5:10 ` Anuj Mittal
  2022-01-27  5:10 ` [hardknott][PATCH 09/17] linux-yocto/5.4: update to v5.4.169 Anuj Mittal
                   ` (8 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:10 UTC (permalink / raw)
  To: openembedded-core

From: pgowda <pgowda.cve@gmail.com>

glibc-2.33 has been upgraded to latest version that includes many CVE and
other bug fixes.

Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../glibc/glibc/0031-CVE-2021-43396.patch     | 182 ------------------
 meta/recipes-core/glibc/glibc_2.33.bb         |   1 -
 3 files changed, 1 insertion(+), 184 deletions(-)
 delete mode 100644 meta/recipes-core/glibc/glibc/0031-CVE-2021-43396.patch

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index 4d69187961..63241ee951 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.33/master"
 PV = "2.33"
-SRCREV_glibc ?= "6090cf1330faf2deb17285758f327cb23b89ebf1"
+SRCREV_glibc ?= "55b99e9ed07688019609bd4dcd17d3ebf4572948"
 SRCREV_localedef ?= "bd644c9e6f3e20c5504da1488448173c69c56c28"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
diff --git a/meta/recipes-core/glibc/glibc/0031-CVE-2021-43396.patch b/meta/recipes-core/glibc/glibc/0031-CVE-2021-43396.patch
deleted file mode 100644
index 72fd68b302..0000000000
--- a/meta/recipes-core/glibc/glibc/0031-CVE-2021-43396.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From ff012870b2c02a62598c04daa1e54632e020fd7d Mon Sep 17 00:00:00 2001
-From: Nikita Popov <npv1310@gmail.com>
-Date: Tue, 2 Nov 2021 13:21:42 +0500
-Subject: [PATCH] gconv: Do not emit spurious NUL character in ISO-2022-JP-3
- (bug 28524)
-
-Bugfix 27256 has introduced another issue:
-In conversion from ISO-2022-JP-3 encoding, it is possible
-to force iconv to emit extra NUL character on internal state reset.
-To do this, it is sufficient to feed iconv with escape sequence
-which switches active character set.
-The simplified check 'data->__statep->__count != ASCII_set'
-introduced by the aforementioned bugfix picks that case and
-behaves as if '\0' character has been queued thus emitting it.
-
-To eliminate this issue, these steps are taken:
-* Restore original condition
-'(data->__statep->__count & ~7) != ASCII_set'.
-It is necessary since bits 0-2 may contain
-number of buffered input characters.
-* Check that queued character is not NUL.
-Similar step is taken for main conversion loop.
-
-Bundled test case follows following logic:
-* Try to convert ISO-2022-JP-3 escape sequence
-switching active character set
-* Reset internal state by providing NULL as input buffer
-* Ensure that nothing has been converted.
-
-Signed-off-by: Nikita Popov <npv1310@gmail.com>
-
-CVE: CVE-2021-43396
-Upstream-Status: Backport [ff012870b2c02a62598c04daa1e54632e020fd7d]
----
- iconvdata/Makefile        |  5 +++-
- iconvdata/bug-iconv15.c   | 60 +++++++++++++++++++++++++++++++++++++++
- iconvdata/iso-2022-jp-3.c | 28 ++++++++++++------
- 3 files changed, 84 insertions(+), 9 deletions(-)
- create mode 100644 iconvdata/bug-iconv15.c
-
-diff --git a/iconvdata/bug-iconv15.c b/iconvdata/bug-iconv15.c
-new file mode 100644
---- /dev/null
-+++ b/iconvdata/bug-iconv15.c
-@@ -0,0 +1,60 @@
-+/* Bug 28524: Conversion from ISO-2022-JP-3 with iconv
-+   may emit spurious NUL character on state reset.
-+   Copyright (C) The GNU Toolchain Authors.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <stddef.h>
-+#include <iconv.h>
-+#include <support/check.h>
-+
-+static int
-+do_test (void)
-+{
-+  char in[] = "\x1b(I";
-+  char *inbuf = in;
-+  size_t inleft = sizeof (in) - 1;
-+  char out[1];
-+  char *outbuf = out;
-+  size_t outleft = sizeof (out);
-+  iconv_t cd;
-+
-+  cd = iconv_open ("UTF8", "ISO-2022-JP-3");
-+  TEST_VERIFY_EXIT (cd != (iconv_t) -1);
-+
-+  /* First call to iconv should alter internal state.
-+     Now, JISX0201_Kana_set is selected and
-+     state value != ASCII_set.  */
-+  TEST_VERIFY (iconv (cd, &inbuf, &inleft, &outbuf, &outleft) != (size_t) -1);
-+
-+  /* No bytes should have been added to
-+     the output buffer at this point.  */
-+  TEST_VERIFY (outbuf == out);
-+  TEST_VERIFY (outleft == sizeof (out));
-+
-+  /* Second call shall emit spurious NUL character in unpatched glibc.  */
-+  TEST_VERIFY (iconv (cd, NULL, NULL, &outbuf, &outleft) != (size_t) -1);
-+
-+  /* No characters are expected to be produced.  */
-+  TEST_VERIFY (outbuf == out);
-+  TEST_VERIFY (outleft == sizeof (out));
-+
-+  TEST_VERIFY_EXIT (iconv_close (cd) != -1);
-+
-+  return 0;
-+}
-+
-+#include <support/test-driver.c>
-diff --git a/iconvdata/iso-2022-jp-3.c b/iconvdata/iso-2022-jp-3.c
---- a/iconvdata/iso-2022-jp-3.c
-+++ b/iconvdata/iso-2022-jp-3.c
-@@ -1,5 +1,6 @@
- /* Conversion module for ISO-2022-JP-3.
-    Copyright (C) 1998-2021 Free Software Foundation, Inc.
-+   Copyright (C) The GNU Toolchain Authors.
-    This file is part of the GNU C Library.
-    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998,
-    and Bruno Haible <bruno@clisp.org>, 2002.
-@@ -81,20 +82,31 @@ enum
-    the output state to the initial state.  This has to be done during the
-    flushing.  */
- #define EMIT_SHIFT_TO_INIT \
--  if (data->__statep->__count != ASCII_set)			      \
-+  if ((data->__statep->__count & ~7) != ASCII_set)			      \
-     {									      \
-       if (FROM_DIRECTION)						      \
- 	{								      \
--	  if (__glibc_likely (outbuf + 4 <= outend))			      \
-+	  uint32_t ch = data->__statep->__count >> 6;			      \
-+									      \
-+	  if (__glibc_unlikely (ch != 0))				      \
- 	    {								      \
--	      /* Write out the last character.  */			      \
--	      *((uint32_t *) outbuf) = data->__statep->__count >> 6;	      \
--	      outbuf += sizeof (uint32_t);				      \
--	      data->__statep->__count = ASCII_set;			\
-+	      if (__glibc_likely (outbuf + 4 <= outend))		      \
-+		{							      \
-+		  /* Write out the last character.  */			      \
-+		  put32u (outbuf, ch);					      \
-+		  outbuf += 4;						      \
-+		  data->__statep->__count &= 7;				      \
-+		  data->__statep->__count |= ASCII_set;			      \
-+		}							      \
-+	      else							      \
-+		/* We don't have enough room in the output buffer.  */	      \
-+		status = __GCONV_FULL_OUTPUT;				      \
- 	    }								      \
- 	  else								      \
--	    /* We don't have enough room in the output buffer.  */	      \
--	    status = __GCONV_FULL_OUTPUT;				      \
-+	    {								      \
-+	      data->__statep->__count &= 7;				      \
-+	      data->__statep->__count |= ASCII_set;			      \
-+	    }								      \
- 	}								      \
-       else								      \
- 	{								      \
-diff --git a/iconvdata/Makefile b/iconvdata/Makefile
---- a/iconvdata/Makefile
-+++ b/iconvdata/Makefile
-@@ -1,4 +1,5 @@
- # Copyright (C) 1997-2021 Free Software Foundation, Inc.
-+# Copyright (C) The GNU Toolchain Authors.
- # This file is part of the GNU C Library.
- 
- # The GNU C Library is free software; you can redistribute it and/or
-@@ -74,7 +75,7 @@ ifeq (yes,$(build-shared))
- tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
- 	tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
- 	bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \
--	bug-iconv13 bug-iconv14
-+	bug-iconv13 bug-iconv14 bug-iconv15
- ifeq ($(have-thread-library),yes)
- tests += bug-iconv3
- endif
-@@ -324,6 +325,8 @@ $(objpfx)bug-iconv12.out: $(objpfx)gconv
- 			  $(addprefix $(objpfx),$(modules.so))
- $(objpfx)bug-iconv14.out: $(objpfx)gconv-modules \
- 			  $(addprefix $(objpfx),$(modules.so))
-+$(objpfx)bug-iconv15.out: $(addprefix $(objpfx), $(gconv-modules)) \
-+			  $(addprefix $(objpfx),$(modules.so))
- 
- $(objpfx)iconv-test.out: run-iconv-test.sh $(objpfx)gconv-modules \
- 			 $(addprefix $(objpfx),$(modules.so)) \
diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
index b7736359b1..a1e9eb3a16 100644
--- a/meta/recipes-core/glibc/glibc_2.33.bb
+++ b/meta/recipes-core/glibc/glibc_2.33.bb
@@ -56,7 +56,6 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch \
            file://0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch \
            file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
-           file://0031-CVE-2021-43396.patch \
            "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 09/17] linux-yocto/5.4: update to v5.4.169
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (7 preceding siblings ...)
  2022-01-27  5:10 ` [hardknott][PATCH 08/17] glibc: upgrade glibc-2.33 to latest version Anuj Mittal
@ 2022-01-27  5:10 ` Anuj Mittal
  2022-01-27  5:10 ` [hardknott][PATCH 10/17] linux-yocto/5.4: update to v5.4.170 Anuj Mittal
                   ` (7 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:10 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

4ca2eaf1d477 Linux 5.4.169
48c76fc53582 phonet/pep: refuse to enable an unbound pipe
a5c6a13e9056 hamradio: improve the incomplete fix to avoid NPD
ef5f7bfa19e3 hamradio: defer ax25 kfree after unregister_netdev
df8f79bcc2e4 ax25: NPD bug when detaching AX25 device
0333eaf38500 hwmon: (lm90) Do not report 'busy' status bit as alarm
bf260ff4a42f hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681
f373298e1bf0 pinctrl: mediatek: fix global-out-of-bounds issue
bf04afb6137f mm: mempolicy: fix THP allocations escaping mempolicy restrictions
f5db6bc93494 KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
06c13e039d92 usb: gadget: u_ether: fix race in setting MAC address in setup phase
b0406b5ef4e2 f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
806142c805ca tee: optee: Fix incorrect page free bug
5478b90270a3 ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
1c3d4122bec6 mmc: core: Disable card detect during shutdown
e9db8fc6c7af mmc: sdhci-tegra: Fix switch to HS400ES mode
d9031ce0b071 pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines
c7b2e5850ba6 x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
ddc1d49e10a7 parisc: Correct completer in lws start
8467c8cb94a4 ipmi: fix initialization when workqueue allocation fails
8efd6a3391f7 ipmi: ssif: initialize ssif_info->client early
cd24bafefc17 ipmi: bail out if init_srcu_struct fails
5525d80dc9dd Input: atmel_mxt_ts - fix double free in mxt_read_info_block
737a98d91b07 ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6
8df036befbc3 ALSA: drivers: opl3: Fix incorrect use of vp->state
fdaf41977d77 ALSA: jack: Check the return value of kstrdup()
44c743f63dd3 hwmon: (lm90) Drop critical attribute support for MAX6654
4615c9740575 hwmon: (lm90) Introduce flag indicating extended temperature support
c2242478f28d hwmon: (lm90) Add basic support for TI TMP461
d939660eff62 hwmon: (lm90) Add max6654 support to lm90 driver
055ca98d48ba hwmon: (lm90) Fix usage of CONFIG2 register in detect function
a7f95328c6f0 Input: elantech - fix stack out of bound access in elantech_change_report_id()
e12dcd4aa7f4 sfc: falcon: Check null pointer of rx_queue->page_ring
c11a41e26985 drivers: net: smc911x: Check for error irq
5d556b1437e1 fjes: Check for error irq
d7024080db82 bonding: fix ad_actor_system option setting to default
992649b8b168 ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
2460d96c19a8 net: skip virtio_net_hdr_set_proto if protocol already set
621d5536b452 net: accept UFOv6 packages in virtio_net_hdr_to_skb
0b01c51c4f47 qlcnic: potential dereference null pointer of rx_queue->page_ring
685fc8d22489 netfilter: fix regression in looped (broad|multi)cast's MAC handling
79dcbd817615 IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
78874bca4f27 spi: change clk_disable_unprepare to clk_unprepare
0c0ac2547c87 arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode
6fa4e2992717 HID: holtek: fix mouse probing
2712816c10b3 serial: 8250_fintek: Fix garbled text for console
51c925a9bccc net: usb: lan78xx: add Allied Telesis AT29M2-AF
8f843cf57202 Linux 5.4.168
0d99b3c6bd39 xen/netback: don't queue unlimited number of packages
8bfcd0385211 xen/netback: fix rx queue stall detection
560e64413b4a xen/console: harden hvc_xen against event channel storms
3e68d099f09c xen/netfront: harden netfront against event channel storms
4ed9f5c511ce xen/blkfront: harden blkfront against event channel storms
192fe5739571 Revert "xsk: Do not sleep in poll() when need_wakeup set"
e281b7199236 net: sched: Fix suspicious RCU usage while accessing tcf_tunnel_info
96a1550a2b43 mac80211: fix regression in SSN handling of addba tx
66aba15a144a rcu: Mark accesses to rcu_state.n_force_qs
b847ecff8507 scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
f9f300a92297 ovl: fix warning in ovl_create_real()
ba2a9d8f8ef1 fuse: annotate lock in fuse_reverse_inval_entry()
96f182c9f48b media: mxl111sf: change mutex_init() location
095ad3969b62 xsk: Do not sleep in poll() when need_wakeup set
29e9fdf7b681 ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name
f6e9e7be9b80 Input: touchscreen - avoid bitwise vs logical OR warning
3d45573dfb6e mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
a19cf6844b50 mac80211: validate extended element ID is present
e070c0c990d7 drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
c9ee8144e409 libata: if T_LENGTH is zero, dma direction should be DMA_NONE
62889094939c timekeeping: Really make sure wall_to_monotonic isn't positive
241d36219aaa USB: serial: option: add Telit FN990 compositions
d2bb4378e2bb USB: serial: cp210x: fix CP2105 GPIO registration
bae7f0808202 usb: xhci: Extend support for runtime power management for AMD's Yellow carp.
3dc6b5f2a4d5 PCI/MSI: Mask MSI-X vectors only on success
c520e7cf82ac PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
ed31692a9758 USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04)
aae3448b78d9 USB: gadget: bRequestType is a bitfield, not a enum
ad0ed314d616 sit: do not call ipip6_dev_free() from sit_init_net()
c675256a7f13 net: systemport: Add global locking for descriptor lifecycle
2bf888fa4a5c net/smc: Prevent smc_release() from long blocking
56a6ffea18c2 net: Fix double 0x prefix print in SKB dump
027a13973dad net/packet: rx_owner_map depends on pg_vec
699e794c12a3 netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
a97e7dd4b713 ixgbe: set X550 MDIO speed before talking to PHY
8addba6cab94 igbvf: fix double free in `igbvf_probe`
36844e250a2e igb: Fix removal of unicast MAC filters of VFs
bca4a53ea72c soc/tegra: fuse: Fix bitwise vs. logical OR warning
166f0adf7e75 rds: memory leak in __rds_conn_create()
9cb405ee5334 flow_offload: return EOPNOTSUPP for the unsupported mpls action type
066a637d1ce7 net: sched: lock action when translating it to flow_action infra
e7660f9535ad mac80211: fix lookup when adding AddBA extension element
f363af7c7045 mac80211: accept aggregation sessions on 6 GHz
1e6526148149 mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock
ceb30f48d817 mac80211: agg-tx: refactor sending addba
eeaf9c0609e0 selftest/net/forwarding: declare NETIFS p9 p10
2252220d9ebb dmaengine: st_fdma: fix MODULE_ALIAS
18203fe17643 selftests: Fix IPv6 address bind tests
b46f0afa74e7 selftests: Fix raw socket bind tests with VRF
7b5596e53125 inet_diag: fix kernel-infoleak for UDP sockets
2c589cf07bd5 inet_diag: use jiffies_delta_to_msecs()
0d80462fbdca sch_cake: do not call cake_destroy() from cake_init()
2fba53ccfb1b s390/kexec_file: fix error handling when applying relocations
b380bf012d2b selftests: net: Correct ping6 expected rc from 2 to 1
ec5c00be7836 clk: Don't parent clks until the parent is fully registered
f83ed203c822 ARM: socfpga: dts: fix qspi node compatible
46b9e29db201 mac80211: track only QoS data frames for admission control
a6f18191c6c1 arm64: dts: rockchip: fix audio-supply for Rock Pi 4
86f2789e3c15 arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply
4bb01424330d arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-edge
e0759696de68 nfsd: fix use-after-free due to delegation race
7243aa71509a iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda
0d3277eabd54 audit: improve robustness of the audit queue handling
501ecd90efdc dm btree remove: fix use after free in rebalance_children()
b25e213522f6 recordmcount.pl: look for jgnop instruction as well as bcrl on s390
c0954f1010ad virtio_ring: Fix querying of maximum DMA mapping size for virtio device
802a1a850156 firmware: arm_scpi: Fix string overflow in SCPI genpd driver
33f0dfab3187 mac80211: send ADDBA requests using the tid/queue of the aggregation session
873e664a83ef mac80211: mark TX-during-stop for TX in in_reconfig
ff3e3fdc737a KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 8922c0622d..4954988f80 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "2bddc20729f986e46ba5b802fa6ce8716ee34506"
-SRCREV_meta ?= "ff304dbaec03398dc510602800b19d28b7c82927"
+SRCREV_machine ?= "66f69e8b3cc56e22c8b78f3141fd736fc1c5859b"
+SRCREV_meta ?= "dcbd44e70b6bc80a04cc92b625b1a3eaa2f78fc0"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.167"
+LINUX_VERSION ?= "5.4.169"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index a2db551ccb..60f13669e1 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.167"
+LINUX_VERSION ?= "5.4.169"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "e8825a1df3d08af26acf8fc2ddb140c40aa233f4"
-SRCREV_machine ?= "b9dbced11f660908cec12d5e1339bbff0ac28d59"
-SRCREV_meta ?= "ff304dbaec03398dc510602800b19d28b7c82927"
+SRCREV_machine_qemuarm ?= "092520553603d101c48aafd95aac45f5f455882a"
+SRCREV_machine ?= "d44538a3be2f25dc1c768d0ed31d18af18cc2aee"
+SRCREV_meta ?= "dcbd44e70b6bc80a04cc92b625b1a3eaa2f78fc0"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 78479b37e7..ceb1952382 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "6669d1a2f103a3275306cde2486a0c133ab288a4"
-SRCREV_machine_qemuarm64 ?= "0727e136f0c04aac28ee442d1a5b208d41021c00"
-SRCREV_machine_qemumips ?= "ec2a556c8c4bea3c26d85d9097fcb7bc37d9b470"
-SRCREV_machine_qemuppc ?= "dc1f229c713f712f3e29a8f3a20e45120aeccf2a"
-SRCREV_machine_qemuriscv64 ?= "6244469059318276e2ffca54f85ecd3d13cd6756"
-SRCREV_machine_qemux86 ?= "6244469059318276e2ffca54f85ecd3d13cd6756"
-SRCREV_machine_qemux86-64 ?= "6244469059318276e2ffca54f85ecd3d13cd6756"
-SRCREV_machine_qemumips64 ?= "ec66f75ec62c5b2f576b98dcfd7dc870643590da"
-SRCREV_machine ?= "6244469059318276e2ffca54f85ecd3d13cd6756"
-SRCREV_meta ?= "ff304dbaec03398dc510602800b19d28b7c82927"
+SRCREV_machine_qemuarm ?= "69471f4c5c895fe6ccef696800c7ef2bda3ad2fd"
+SRCREV_machine_qemuarm64 ?= "e0b9164ac4b0d53e7bd42bf1d2322eb5ce462d68"
+SRCREV_machine_qemumips ?= "7bf5ddb8e9ae1284cb4e02bed7f9429bec0b39c4"
+SRCREV_machine_qemuppc ?= "b0054e5e7451561a7c6a6d6a401395fbd0395801"
+SRCREV_machine_qemuriscv64 ?= "01fe83c50f9aeb4da7c7c7d63a6c7afea83216ef"
+SRCREV_machine_qemux86 ?= "01fe83c50f9aeb4da7c7c7d63a6c7afea83216ef"
+SRCREV_machine_qemux86-64 ?= "01fe83c50f9aeb4da7c7c7d63a6c7afea83216ef"
+SRCREV_machine_qemumips64 ?= "e8483ea124a1715790eba584ee2ad8aac1e15edf"
+SRCREV_machine ?= "01fe83c50f9aeb4da7c7c7d63a6c7afea83216ef"
+SRCREV_meta ?= "dcbd44e70b6bc80a04cc92b625b1a3eaa2f78fc0"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.167"
+LINUX_VERSION ?= "5.4.169"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 10/17] linux-yocto/5.4: update to v5.4.170
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (8 preceding siblings ...)
  2022-01-27  5:10 ` [hardknott][PATCH 09/17] linux-yocto/5.4: update to v5.4.169 Anuj Mittal
@ 2022-01-27  5:10 ` Anuj Mittal
  2022-01-27  5:10 ` [hardknott][PATCH 11/17] linux-yocto/5.4: update to v5.4.171 Anuj Mittal
                   ` (6 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:10 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

047dedaa38ce Linux 5.4.170
2c3920c58e03 perf script: Fix CPU filtering of a script's switch events
fe5838c22b98 net: fix use-after-free in tw_timer_handler
46556c4ecd63 Input: spaceball - fix parsing of movement data packets
975774ea7528 Input: appletouch - initialize work before device registration
436f6d0005d6 scsi: vmw_pvscsi: Set residual data length conditionally
103b16a8c51f binder: fix async_free_space accounting for empty parcels
98cde4dd5ec8 usb: mtu3: set interval of FS intr and isoc endpoint
585e2b244dda usb: mtu3: fix list_head check warning
50434eb6098f usb: mtu3: add memory barrier before set GPD's HWO
240fc586e83d usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
20d80640fa61 xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
b364fcef9615 uapi: fix linux/nfc.h userspace compilation errors
245c5e43cd25 nfc: uapi: use kernel size_t to fix user-space builds
9e4a3f47eff4 i2c: validate user data in compat ioctl
a7d3a1c6d9d9 fsl/fman: Fix missing put_device() call in fman_port_probe
2dc95e936414 net/ncsi: check for error return from call to nla_put_u32
ef01d63140f5 selftests/net: udpgso_bench_tx: fix dst ip argument
20f6896787c5 net/mlx5e: Fix wrong features assignment in case of error
b85f87d30dba ionic: Initialize the 'lif->dbid_inuse' bitmap
1cd4063dbc91 NFC: st21nfca: Fix memory leak in device probe and remove
44cd64aa1c43 net: lantiq_xrx200: fix statistics of received bytes
3477f4b67ee4 net: usb: pegasus: Do not drop long Ethernet frames
831de271452b sctp: use call_rcu to free endpoint
3218d6bd6195 selftests: Calculate udpgso segment count without header adjustment
0a2e9f6a8f33 udp: using datalen to cap ipv6 udp max gso segments
db484d35a948 net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources
cc926b8f4d39 scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
44937652afdb selinux: initialize proto variable in selinux_ip_postroute_compat()
b536e357e73c recordmcount.pl: fix typo in s390 mcount regex
8d86b486e0de memblock: fix memblock_phys_alloc() section mismatch error
4606bfdaeb16 platform/x86: apple-gmux: use resource_size() with res
930d4986a432 tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().
7978ddae240b Input: i8042 - enable deferred probe quirk for ASUS UM325UA
f93d5dca7d84 Input: i8042 - add deferred probe support
940e68e57ab6 tee: handle lookup of shm with reference count 0
4b38b12092b4 HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 4954988f80..c5fa8b2380 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "66f69e8b3cc56e22c8b78f3141fd736fc1c5859b"
-SRCREV_meta ?= "dcbd44e70b6bc80a04cc92b625b1a3eaa2f78fc0"
+SRCREV_machine ?= "693f365a839705814228d4d7a9fb362285af3542"
+SRCREV_meta ?= "3ff7377107711b2670620aac2be36b3edefe7f37"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.169"
+LINUX_VERSION ?= "5.4.170"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 60f13669e1..c5e6e16357 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.169"
+LINUX_VERSION ?= "5.4.170"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "092520553603d101c48aafd95aac45f5f455882a"
-SRCREV_machine ?= "d44538a3be2f25dc1c768d0ed31d18af18cc2aee"
-SRCREV_meta ?= "dcbd44e70b6bc80a04cc92b625b1a3eaa2f78fc0"
+SRCREV_machine_qemuarm ?= "f0f037abc011fc633c51f9557471babb368668f3"
+SRCREV_machine ?= "0c76d34c0744a8f3d8b4a41860fc9f12624b082a"
+SRCREV_meta ?= "3ff7377107711b2670620aac2be36b3edefe7f37"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index ceb1952382..a09b29ce99 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "69471f4c5c895fe6ccef696800c7ef2bda3ad2fd"
-SRCREV_machine_qemuarm64 ?= "e0b9164ac4b0d53e7bd42bf1d2322eb5ce462d68"
-SRCREV_machine_qemumips ?= "7bf5ddb8e9ae1284cb4e02bed7f9429bec0b39c4"
-SRCREV_machine_qemuppc ?= "b0054e5e7451561a7c6a6d6a401395fbd0395801"
-SRCREV_machine_qemuriscv64 ?= "01fe83c50f9aeb4da7c7c7d63a6c7afea83216ef"
-SRCREV_machine_qemux86 ?= "01fe83c50f9aeb4da7c7c7d63a6c7afea83216ef"
-SRCREV_machine_qemux86-64 ?= "01fe83c50f9aeb4da7c7c7d63a6c7afea83216ef"
-SRCREV_machine_qemumips64 ?= "e8483ea124a1715790eba584ee2ad8aac1e15edf"
-SRCREV_machine ?= "01fe83c50f9aeb4da7c7c7d63a6c7afea83216ef"
-SRCREV_meta ?= "dcbd44e70b6bc80a04cc92b625b1a3eaa2f78fc0"
+SRCREV_machine_qemuarm ?= "2ee0677973f1c676d52c6864c0a227b8d0a91a3d"
+SRCREV_machine_qemuarm64 ?= "205b919a1a53a5c46ff432cfc7292cbf688f34ce"
+SRCREV_machine_qemumips ?= "ff59072d3f2b8189e65f1006357d003ef68ec03b"
+SRCREV_machine_qemuppc ?= "bd68bc38761902dea6a823853f6044f6688751ca"
+SRCREV_machine_qemuriscv64 ?= "d4f5a7cecc479dcfff63bd7e92507521956fb8b8"
+SRCREV_machine_qemux86 ?= "d4f5a7cecc479dcfff63bd7e92507521956fb8b8"
+SRCREV_machine_qemux86-64 ?= "d4f5a7cecc479dcfff63bd7e92507521956fb8b8"
+SRCREV_machine_qemumips64 ?= "8aa05337ebd7798187b81f2561de15f2074a5eca"
+SRCREV_machine ?= "d4f5a7cecc479dcfff63bd7e92507521956fb8b8"
+SRCREV_meta ?= "3ff7377107711b2670620aac2be36b3edefe7f37"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.169"
+LINUX_VERSION ?= "5.4.170"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 11/17] linux-yocto/5.4: update to v5.4.171
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (9 preceding siblings ...)
  2022-01-27  5:10 ` [hardknott][PATCH 10/17] linux-yocto/5.4: update to v5.4.170 Anuj Mittal
@ 2022-01-27  5:10 ` Anuj Mittal
  2022-01-27  5:10 ` [hardknott][PATCH 12/17] linux-yocto/5.4: update to v5.4.172 Anuj Mittal
                   ` (5 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:10 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    0a4ce4977bbe Linux 5.4.171
    0101f118529d mISDN: change function names to avoid conflicts
    34821931e18e atlantic: Fix buff_ring OOB in aq_ring_rx_clean
    44065cc11797 net: udp: fix alignment problem in udp4_seq_show()
    0ad45baead37 ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
    8b36aa5af4da scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
    6a3ffcc9ffd0 usb: mtu3: fix interval value for intr and isoc
    f0e57098243c ipv6: Do cleanup if attribute validation fails in multipath route
    c94999cfbbbe ipv6: Continue processing multipath route even if gateway attribute is invalid
    2a6a811a45fd phonet: refcount leak in pep_sock_accep
    db0c834abbc1 rndis_host: support Hytera digital radios
    72eb522ae6f1 power: reset: ltc2952: Fix use of floating point literals
    159eaafee69b power: supply: core: Break capacity loop
    102af6edfd3a xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
    10f2c336929d net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081
    c0db2e1e60c6 sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
    bcbfc7780047 batman-adv: mcast: don't send link-local multicast to mcast routers
    76936ddb4913 lwtunnel: Validate RTA_ENCAP_TYPE attribute length
    2ebd777513d9 ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
    a02d2be7eb48 ipv6: Check attribute length for RTA_GATEWAY in multipath route
    34224e936a9d ipv4: Check attribute length for RTA_FLOW in multipath route
    125d91f07233 ipv4: Check attribute length for RTA_GATEWAY in multipath route
    1f46721836ee i40e: Fix incorrect netdev's real number of RX/TX queues
    f98acd3b4dcf i40e: Fix for displaying message regarding NVM version
    c340d45148c4 i40e: fix use-after-free in i40e_sync_filters_subtask()
    38fbb1561d66 mac80211: initialize variable have_higher_than_11mbit
    7646a340b25b RDMA/uverbs: Check for null return of kmalloc_array
    5eb5d9c6591d RDMA/core: Don't infoleak GRH fields
    415fc3f59595 iavf: Fix limit of total number of queues to active queues of VF
    23ebe9cfda5e ieee802154: atusb: fix uninit value in atusb_set_extended_addr
    aa171d748a36 tracing: Tag trace_percpu_buffer as a percpu pointer
    db50ad6eec87 tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
    cbbed1338d76 selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv()
    6904679c8400 Input: touchscreen - Fix backport of a02dcde595f7cbd240ccd64de96034ad91cffc40
    6e80d2ee44c6 f2fs: quota: fix potential deadlock

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index c5fa8b2380..48a96b265b 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "693f365a839705814228d4d7a9fb362285af3542"
-SRCREV_meta ?= "3ff7377107711b2670620aac2be36b3edefe7f37"
+SRCREV_machine ?= "2e96217d85f653d79f1e691c84aaf178931550a7"
+SRCREV_meta ?= "17ac54a7a0b472a035fea8aacd1f31c1fa322ff0"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.170"
+LINUX_VERSION ?= "5.4.171"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index c5e6e16357..80d260cf88 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.170"
+LINUX_VERSION ?= "5.4.171"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "f0f037abc011fc633c51f9557471babb368668f3"
-SRCREV_machine ?= "0c76d34c0744a8f3d8b4a41860fc9f12624b082a"
-SRCREV_meta ?= "3ff7377107711b2670620aac2be36b3edefe7f37"
+SRCREV_machine_qemuarm ?= "59c50d08a8c111c9941b53cc3903cafc7b9339f0"
+SRCREV_machine ?= "da1b138e527f276887038d0091980ec5bfbd0824"
+SRCREV_meta ?= "17ac54a7a0b472a035fea8aacd1f31c1fa322ff0"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index a09b29ce99..c467a690d0 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "2ee0677973f1c676d52c6864c0a227b8d0a91a3d"
-SRCREV_machine_qemuarm64 ?= "205b919a1a53a5c46ff432cfc7292cbf688f34ce"
-SRCREV_machine_qemumips ?= "ff59072d3f2b8189e65f1006357d003ef68ec03b"
-SRCREV_machine_qemuppc ?= "bd68bc38761902dea6a823853f6044f6688751ca"
-SRCREV_machine_qemuriscv64 ?= "d4f5a7cecc479dcfff63bd7e92507521956fb8b8"
-SRCREV_machine_qemux86 ?= "d4f5a7cecc479dcfff63bd7e92507521956fb8b8"
-SRCREV_machine_qemux86-64 ?= "d4f5a7cecc479dcfff63bd7e92507521956fb8b8"
-SRCREV_machine_qemumips64 ?= "8aa05337ebd7798187b81f2561de15f2074a5eca"
-SRCREV_machine ?= "d4f5a7cecc479dcfff63bd7e92507521956fb8b8"
-SRCREV_meta ?= "3ff7377107711b2670620aac2be36b3edefe7f37"
+SRCREV_machine_qemuarm ?= "c961afa9250955e8bc4e286fba5942181cdfce45"
+SRCREV_machine_qemuarm64 ?= "0408baf57ccb7975ea0291418f44c1bf241b9792"
+SRCREV_machine_qemumips ?= "1e20719de0a733cf6c9f1f5467a16e8449dd1eb3"
+SRCREV_machine_qemuppc ?= "40c08791a68abb946948e1aea7532dc156e9eaa5"
+SRCREV_machine_qemuriscv64 ?= "3889c10487e465acf5a2ecf182be8a9adb8ce863"
+SRCREV_machine_qemux86 ?= "3889c10487e465acf5a2ecf182be8a9adb8ce863"
+SRCREV_machine_qemux86-64 ?= "3889c10487e465acf5a2ecf182be8a9adb8ce863"
+SRCREV_machine_qemumips64 ?= "31c53aae874ab1a677be38ffe29dc0e7084a08f4"
+SRCREV_machine ?= "3889c10487e465acf5a2ecf182be8a9adb8ce863"
+SRCREV_meta ?= "17ac54a7a0b472a035fea8aacd1f31c1fa322ff0"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.170"
+LINUX_VERSION ?= "5.4.171"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 12/17] linux-yocto/5.4: update to v5.4.172
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (10 preceding siblings ...)
  2022-01-27  5:10 ` [hardknott][PATCH 11/17] linux-yocto/5.4: update to v5.4.171 Anuj Mittal
@ 2022-01-27  5:10 ` Anuj Mittal
  2022-01-27  5:10 ` [hardknott][PATCH 13/17] expat fix CVE-2022-22822 through CVE-2022-22827 Anuj Mittal
                   ` (4 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:10 UTC (permalink / raw)
  To: openembedded-core

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    b7f70762d158 Linux 5.4.172
    f415409551b0 staging: greybus: fix stack size warning with UBSAN
    65c2e7176f77 drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
    86ded7a6cf40 staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
    a459686f986c media: Revert "media: uvcvideo: Set unique vdev name based in type"
    7e07bedae159 random: fix crash on multiple early calls to add_bootloader_randomness()
    517ab153f503 random: fix data race on crng init time
    90ceecdaa062 random: fix data race on crng_node_pool
    a4fa4377c91b can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
    e90a7524b5c8 can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
    9e9241d3345a drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
    ada3805f1423 mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
    d08a0a88db88 veth: Do not record rx queue hint in veth_xmit
    a6722b497401 mmc: sdhci-pci: Add PCI ID for Intel ADL
    1199f0928488 USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
    43aac50196f3 USB: core: Fix bug in resuming hub's handling of wakeup requests
    ed5c2683b67b Bluetooth: bfusb: fix division by zero in send path
    784e873af3dc Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
    ad07b60837b2 workqueue: Fix unbind_workers() VS wq_worker_running() race

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 48a96b265b..b7a07bb17b 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "2e96217d85f653d79f1e691c84aaf178931550a7"
-SRCREV_meta ?= "17ac54a7a0b472a035fea8aacd1f31c1fa322ff0"
+SRCREV_machine ?= "e92d76afe6d8592917c0e7b948912c085e661df2"
+SRCREV_meta ?= "98cce1c95fcc9a26965cbc5f038fd71d53c387c8"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.171"
+LINUX_VERSION ?= "5.4.172"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 80d260cf88..a75570df93 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.171"
+LINUX_VERSION ?= "5.4.172"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "59c50d08a8c111c9941b53cc3903cafc7b9339f0"
-SRCREV_machine ?= "da1b138e527f276887038d0091980ec5bfbd0824"
-SRCREV_meta ?= "17ac54a7a0b472a035fea8aacd1f31c1fa322ff0"
+SRCREV_machine_qemuarm ?= "10b4756eee78aa43ff9ed64da700ec6e8d97ff22"
+SRCREV_machine ?= "6ab93fdc53b64e146e4f16363375c1beb37b82e4"
+SRCREV_meta ?= "98cce1c95fcc9a26965cbc5f038fd71d53c387c8"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index c467a690d0..db80789ba9 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "c961afa9250955e8bc4e286fba5942181cdfce45"
-SRCREV_machine_qemuarm64 ?= "0408baf57ccb7975ea0291418f44c1bf241b9792"
-SRCREV_machine_qemumips ?= "1e20719de0a733cf6c9f1f5467a16e8449dd1eb3"
-SRCREV_machine_qemuppc ?= "40c08791a68abb946948e1aea7532dc156e9eaa5"
-SRCREV_machine_qemuriscv64 ?= "3889c10487e465acf5a2ecf182be8a9adb8ce863"
-SRCREV_machine_qemux86 ?= "3889c10487e465acf5a2ecf182be8a9adb8ce863"
-SRCREV_machine_qemux86-64 ?= "3889c10487e465acf5a2ecf182be8a9adb8ce863"
-SRCREV_machine_qemumips64 ?= "31c53aae874ab1a677be38ffe29dc0e7084a08f4"
-SRCREV_machine ?= "3889c10487e465acf5a2ecf182be8a9adb8ce863"
-SRCREV_meta ?= "17ac54a7a0b472a035fea8aacd1f31c1fa322ff0"
+SRCREV_machine_qemuarm ?= "8de1da3dc354dedef2e435e694eec6d6e72c9822"
+SRCREV_machine_qemuarm64 ?= "eed7c0a64f3a7a91a130bc2e507304dc8b446a31"
+SRCREV_machine_qemumips ?= "996a9660e4fab70db5cecec9c831141cd03c3d36"
+SRCREV_machine_qemuppc ?= "0197cf5754b1bd4eb035c342af9cc27e8c3339ca"
+SRCREV_machine_qemuriscv64 ?= "c6b015510134942076c0e111e56357656acf3dd5"
+SRCREV_machine_qemux86 ?= "c6b015510134942076c0e111e56357656acf3dd5"
+SRCREV_machine_qemux86-64 ?= "c6b015510134942076c0e111e56357656acf3dd5"
+SRCREV_machine_qemumips64 ?= "fe2769a7c268ed224ec70fd2aaab850e4eef70dc"
+SRCREV_machine ?= "c6b015510134942076c0e111e56357656acf3dd5"
+SRCREV_meta ?= "98cce1c95fcc9a26965cbc5f038fd71d53c387c8"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.171"
+LINUX_VERSION ?= "5.4.172"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 13/17] expat fix CVE-2022-22822 through CVE-2022-22827
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (11 preceding siblings ...)
  2022-01-27  5:10 ` [hardknott][PATCH 12/17] linux-yocto/5.4: update to v5.4.172 Anuj Mittal
@ 2022-01-27  5:10 ` Anuj Mittal
  2022-01-27  5:10 ` [hardknott][PATCH 14/17] expat: fix CVE-2021-45960 Anuj Mittal
                   ` (3 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:10 UTC (permalink / raw)
  To: openembedded-core

From: Steve Sakoman <steve@sakoman.com>

xmlparse.c has multiple integer overflows. The involved functions are:

- addBinding (CVE-2022-22822)
- build_model (CVE-2022-22823)
- defineAttribute (CVE-2022-22824)
- lookup (CVE-2022-22825)
- nextScaffoldPart (CVE-2022-22826)
- storeAtts (CVE-2022-22827)

Backport patch from:
https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e

CVE: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 3b6c47c0ebae9fdb7a13480daf8f46a8dbb2c9bd)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../expat/expat/CVE-2022-22822-27.patch       | 257 ++++++++++++++++++
 meta/recipes-core/expat/expat_2.2.10.bb       |   1 +
 2 files changed, 258 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-22822-27.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2022-22822-27.patch b/meta/recipes-core/expat/expat/CVE-2022-22822-27.patch
new file mode 100644
index 0000000000..e569fbc7ab
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-22822-27.patch
@@ -0,0 +1,257 @@
+From 9f93e8036e842329863bf20395b8fb8f73834d9e Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 30 Dec 2021 22:46:03 +0100
+Subject: [PATCH] lib: Prevent integer overflow at multiple places
+ (CVE-2022-22822 to CVE-2022-22827)
+
+The involved functions are:
+- addBinding (CVE-2022-22822)
+- build_model (CVE-2022-22823)
+- defineAttribute (CVE-2022-22824)
+- lookup (CVE-2022-22825)
+- nextScaffoldPart (CVE-2022-22826)
+- storeAtts (CVE-2022-22827)
+
+Upstream-Status: Backport:
+https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e
+
+CVE: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ expat/lib/xmlparse.c | 153 ++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 151 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 8f243126..575e73ee 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3261,13 +3261,38 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+ 
+   /* get the attributes from the tokenizer */
+   n = XmlGetAttributes(enc, attStr, parser->m_attsSize, parser->m_atts);
++
++  /* Detect and prevent integer overflow */
++  if (n > INT_MAX - nDefaultAtts) {
++    return XML_ERROR_NO_MEMORY;
++  }
++
+   if (n + nDefaultAtts > parser->m_attsSize) {
+     int oldAttsSize = parser->m_attsSize;
+     ATTRIBUTE *temp;
+ #ifdef XML_ATTR_INFO
+     XML_AttrInfo *temp2;
+ #endif
++
++    /* Detect and prevent integer overflow */
++    if ((nDefaultAtts > INT_MAX - INIT_ATTS_SIZE)
++        || (n > INT_MAX - (nDefaultAtts + INIT_ATTS_SIZE))) {
++      return XML_ERROR_NO_MEMORY;
++    }
++
+     parser->m_attsSize = n + nDefaultAtts + INIT_ATTS_SIZE;
++
++    /* Detect and prevent integer overflow.
++     * The preprocessor guard addresses the "always false" warning
++     * from -Wtype-limits on platforms where
++     * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++    if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(ATTRIBUTE)) {
++      parser->m_attsSize = oldAttsSize;
++      return XML_ERROR_NO_MEMORY;
++    }
++#endif
++
+     temp = (ATTRIBUTE *)REALLOC(parser, (void *)parser->m_atts,
+                                 parser->m_attsSize * sizeof(ATTRIBUTE));
+     if (temp == NULL) {
+@@ -3276,6 +3301,17 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+     }
+     parser->m_atts = temp;
+ #ifdef XML_ATTR_INFO
++    /* Detect and prevent integer overflow.
++     * The preprocessor guard addresses the "always false" warning
++     * from -Wtype-limits on platforms where
++     * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#  if UINT_MAX >= SIZE_MAX
++    if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(XML_AttrInfo)) {
++      parser->m_attsSize = oldAttsSize;
++      return XML_ERROR_NO_MEMORY;
++    }
++#  endif
++
+     temp2 = (XML_AttrInfo *)REALLOC(parser, (void *)parser->m_attInfo,
+                                     parser->m_attsSize * sizeof(XML_AttrInfo));
+     if (temp2 == NULL) {
+@@ -3610,9 +3646,31 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+   tagNamePtr->prefixLen = prefixLen;
+   for (i = 0; localPart[i++];)
+     ; /* i includes null terminator */
++
++  /* Detect and prevent integer overflow */
++  if (binding->uriLen > INT_MAX - prefixLen
++      || i > INT_MAX - (binding->uriLen + prefixLen)) {
++    return XML_ERROR_NO_MEMORY;
++  }
++
+   n = i + binding->uriLen + prefixLen;
+   if (n > binding->uriAlloc) {
+     TAG *p;
++
++    /* Detect and prevent integer overflow */
++    if (n > INT_MAX - EXPAND_SPARE) {
++      return XML_ERROR_NO_MEMORY;
++    }
++    /* Detect and prevent integer overflow.
++     * The preprocessor guard addresses the "always false" warning
++     * from -Wtype-limits on platforms where
++     * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++    if ((unsigned)(n + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
++      return XML_ERROR_NO_MEMORY;
++    }
++#endif
++
+     uri = (XML_Char *)MALLOC(parser, (n + EXPAND_SPARE) * sizeof(XML_Char));
+     if (! uri)
+       return XML_ERROR_NO_MEMORY;
+@@ -3708,6 +3766,21 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
+   if (parser->m_freeBindingList) {
+     b = parser->m_freeBindingList;
+     if (len > b->uriAlloc) {
++      /* Detect and prevent integer overflow */
++      if (len > INT_MAX - EXPAND_SPARE) {
++        return XML_ERROR_NO_MEMORY;
++      }
++
++      /* Detect and prevent integer overflow.
++       * The preprocessor guard addresses the "always false" warning
++       * from -Wtype-limits on platforms where
++       * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++      if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
++        return XML_ERROR_NO_MEMORY;
++      }
++#endif
++
+       XML_Char *temp = (XML_Char *)REALLOC(
+           parser, b->uri, sizeof(XML_Char) * (len + EXPAND_SPARE));
+       if (temp == NULL)
+@@ -3720,6 +3793,21 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
+     b = (BINDING *)MALLOC(parser, sizeof(BINDING));
+     if (! b)
+       return XML_ERROR_NO_MEMORY;
++
++    /* Detect and prevent integer overflow */
++    if (len > INT_MAX - EXPAND_SPARE) {
++      return XML_ERROR_NO_MEMORY;
++    }
++    /* Detect and prevent integer overflow.
++     * The preprocessor guard addresses the "always false" warning
++     * from -Wtype-limits on platforms where
++     * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++    if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
++      return XML_ERROR_NO_MEMORY;
++    }
++#endif
++
+     b->uri
+         = (XML_Char *)MALLOC(parser, sizeof(XML_Char) * (len + EXPAND_SPARE));
+     if (! b->uri) {
+@@ -6141,7 +6229,24 @@ defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *attId, XML_Bool isCdata,
+       }
+     } else {
+       DEFAULT_ATTRIBUTE *temp;
++
++      /* Detect and prevent integer overflow */
++      if (type->allocDefaultAtts > INT_MAX / 2) {
++        return 0;
++      }
++
+       int count = type->allocDefaultAtts * 2;
++
++      /* Detect and prevent integer overflow.
++       * The preprocessor guard addresses the "always false" warning
++       * from -Wtype-limits on platforms where
++       * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++      if ((unsigned)count > (size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE)) {
++        return 0;
++      }
++#endif
++
+       temp = (DEFAULT_ATTRIBUTE *)REALLOC(parser, type->defaultAtts,
+                                           (count * sizeof(DEFAULT_ATTRIBUTE)));
+       if (temp == NULL)
+@@ -6792,8 +6897,20 @@ lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) {
+     /* check for overflow (table is half full) */
+     if (table->used >> (table->power - 1)) {
+       unsigned char newPower = table->power + 1;
++
++      /* Detect and prevent invalid shift */
++      if (newPower >= sizeof(unsigned long) * 8 /* bits per byte */) {
++        return NULL;
++      }
++
+       size_t newSize = (size_t)1 << newPower;
+       unsigned long newMask = (unsigned long)newSize - 1;
++
++      /* Detect and prevent integer overflow */
++      if (newSize > (size_t)(-1) / sizeof(NAMED *)) {
++        return NULL;
++      }
++
+       size_t tsize = newSize * sizeof(NAMED *);
+       NAMED **newV = (NAMED **)table->mem->malloc_fcn(tsize);
+       if (! newV)
+@@ -7143,6 +7260,20 @@ nextScaffoldPart(XML_Parser parser) {
+   if (dtd->scaffCount >= dtd->scaffSize) {
+     CONTENT_SCAFFOLD *temp;
+     if (dtd->scaffold) {
++      /* Detect and prevent integer overflow */
++      if (dtd->scaffSize > UINT_MAX / 2u) {
++        return -1;
++      }
++      /* Detect and prevent integer overflow.
++       * The preprocessor guard addresses the "always false" warning
++       * from -Wtype-limits on platforms where
++       * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++      if (dtd->scaffSize > (size_t)(-1) / 2u / sizeof(CONTENT_SCAFFOLD)) {
++        return -1;
++      }
++#endif
++
+       temp = (CONTENT_SCAFFOLD *)REALLOC(
+           parser, dtd->scaffold, dtd->scaffSize * 2 * sizeof(CONTENT_SCAFFOLD));
+       if (temp == NULL)
+@@ -7212,8 +7343,26 @@ build_model(XML_Parser parser) {
+   XML_Content *ret;
+   XML_Content *cpos;
+   XML_Char *str;
+-  int allocsize = (dtd->scaffCount * sizeof(XML_Content)
+-                   + (dtd->contentStringLen * sizeof(XML_Char)));
++
++  /* Detect and prevent integer overflow.
++   * The preprocessor guard addresses the "always false" warning
++   * from -Wtype-limits on platforms where
++   * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++  if (dtd->scaffCount > (size_t)(-1) / sizeof(XML_Content)) {
++    return NULL;
++  }
++  if (dtd->contentStringLen > (size_t)(-1) / sizeof(XML_Char)) {
++    return NULL;
++  }
++#endif
++  if (dtd->scaffCount * sizeof(XML_Content)
++      > (size_t)(-1) - dtd->contentStringLen * sizeof(XML_Char)) {
++    return NULL;
++  }
++
++  const size_t allocsize = (dtd->scaffCount * sizeof(XML_Content)
++                            + (dtd->contentStringLen * sizeof(XML_Char)));
+ 
+   ret = (XML_Content *)MALLOC(parser, allocsize);
+   if (! ret)
diff --git a/meta/recipes-core/expat/expat_2.2.10.bb b/meta/recipes-core/expat/expat_2.2.10.bb
index 08e8ff1cea..5a123305c4 100644
--- a/meta/recipes-core/expat/expat_2.2.10.bb
+++ b/meta/recipes-core/expat/expat_2.2.10.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
            file://libtool-tag.patch \
 	   file://run-ptest \
 	   file://0001-Add-output-of-tests-result.patch \
+           file://CVE-2022-22822-27.patch \
 	  "
 
 UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 14/17] expat: fix CVE-2021-45960
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (12 preceding siblings ...)
  2022-01-27  5:10 ` [hardknott][PATCH 13/17] expat fix CVE-2022-22822 through CVE-2022-22827 Anuj Mittal
@ 2022-01-27  5:10 ` Anuj Mittal
  2022-01-27  5:10 ` [hardknott][PATCH 15/17] expat: fix CVE-2021-46143 Anuj Mittal
                   ` (2 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:10 UTC (permalink / raw)
  To: openembedded-core

From: Steve Sakoman <steve@sakoman.com>

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more)
places in the storeAtts function in xmlparse.c can lead to realloc
misbehavior (e.g., allocating too few bytes, or only freeing memory).

Backport patch from:
https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea

CVE: CVE-2021-45960
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 22fe1dea3164a5cd4d5636376f3671641ada1da9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../expat/expat/CVE-2021-45960.patch          | 65 +++++++++++++++++++
 meta/recipes-core/expat/expat_2.2.10.bb       |  1 +
 2 files changed, 66 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2021-45960.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2021-45960.patch b/meta/recipes-core/expat/expat/CVE-2021-45960.patch
new file mode 100644
index 0000000000..523449e22c
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2021-45960.patch
@@ -0,0 +1,65 @@
+From 0adcb34c49bee5b19bd29b16a578c510c23597ea Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Mon, 27 Dec 2021 20:15:02 +0100
+Subject: [PATCH] lib: Detect and prevent troublesome left shifts in function
+ storeAtts (CVE-2021-45960)
+
+Upstream-Status: Backport:
+https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea
+
+CVE: CVE-2021-45960
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ expat/lib/xmlparse.c | 31 +++++++++++++++++++++++++++++--
+ 1 file changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index d730f41c3..b47c31b05 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3414,7 +3414,13 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+   if (nPrefixes) {
+     int j; /* hash table index */
+     unsigned long version = parser->m_nsAttsVersion;
+-    int nsAttsSize = (int)1 << parser->m_nsAttsPower;
++
++    /* Detect and prevent invalid shift */
++    if (parser->m_nsAttsPower >= sizeof(unsigned int) * 8 /* bits per byte */) {
++      return XML_ERROR_NO_MEMORY;
++    }
++
++    unsigned int nsAttsSize = 1u << parser->m_nsAttsPower;
+     unsigned char oldNsAttsPower = parser->m_nsAttsPower;
+     /* size of hash table must be at least 2 * (# of prefixed attributes) */
+     if ((nPrefixes << 1)
+@@ -3425,7 +3431,28 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+         ;
+       if (parser->m_nsAttsPower < 3)
+         parser->m_nsAttsPower = 3;
+-      nsAttsSize = (int)1 << parser->m_nsAttsPower;
++
++      /* Detect and prevent invalid shift */
++      if (parser->m_nsAttsPower >= sizeof(nsAttsSize) * 8 /* bits per byte */) {
++        /* Restore actual size of memory in m_nsAtts */
++        parser->m_nsAttsPower = oldNsAttsPower;
++        return XML_ERROR_NO_MEMORY;
++      }
++
++      nsAttsSize = 1u << parser->m_nsAttsPower;
++
++      /* Detect and prevent integer overflow.
++       * The preprocessor guard addresses the "always false" warning
++       * from -Wtype-limits on platforms where
++       * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++      if (nsAttsSize > (size_t)(-1) / sizeof(NS_ATT)) {
++        /* Restore actual size of memory in m_nsAtts */
++        parser->m_nsAttsPower = oldNsAttsPower;
++        return XML_ERROR_NO_MEMORY;
++      }
++#endif
++
+       temp = (NS_ATT *)REALLOC(parser, parser->m_nsAtts,
+                                nsAttsSize * sizeof(NS_ATT));
+       if (! temp) {
diff --git a/meta/recipes-core/expat/expat_2.2.10.bb b/meta/recipes-core/expat/expat_2.2.10.bb
index 5a123305c4..7a892b0304 100644
--- a/meta/recipes-core/expat/expat_2.2.10.bb
+++ b/meta/recipes-core/expat/expat_2.2.10.bb
@@ -13,6 +13,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
 	   file://run-ptest \
 	   file://0001-Add-output-of-tests-result.patch \
            file://CVE-2022-22822-27.patch \
+           file://CVE-2021-45960.patch \
 	  "
 
 UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 15/17] expat: fix CVE-2021-46143
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (13 preceding siblings ...)
  2022-01-27  5:10 ` [hardknott][PATCH 14/17] expat: fix CVE-2021-45960 Anuj Mittal
@ 2022-01-27  5:10 ` Anuj Mittal
  2022-01-27  5:10 ` [hardknott][PATCH 16/17] speex: fix CVE-2020-23903 Anuj Mittal
  2022-01-27  5:10 ` [hardknott][PATCH 17/17] lighttpd: backport a fix for CVE-2022-22707 Anuj Mittal
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:10 UTC (permalink / raw)
  To: openembedded-core

From: Steve Sakoman <steve@sakoman.com>

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an
integer overflow exists for m_groupSize.

Backport patch from:
https://github.com/libexpat/libexpat/pull/538/commits/85ae9a2d7d0e9358f356b33977b842df8ebaec2b

CVE: CVE-2021-46143
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 41a65d27e4ecdc11977e2944d8af2f51c48f32ec)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../expat/expat/CVE-2021-46143.patch          | 43 +++++++++++++++++++
 meta/recipes-core/expat/expat_2.2.10.bb       |  1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2021-46143.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2021-46143.patch b/meta/recipes-core/expat/expat/CVE-2021-46143.patch
new file mode 100644
index 0000000000..d6bafba0ff
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2021-46143.patch
@@ -0,0 +1,43 @@
+From 85ae9a2d7d0e9358f356b33977b842df8ebaec2b Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sat, 25 Dec 2021 20:52:08 +0100
+Subject: [PATCH] lib: Prevent integer overflow on m_groupSize in function
+ doProlog (CVE-2021-46143)
+
+---
+ expat/lib/xmlparse.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index b47c31b0..8f243126 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -5046,6 +5046,11 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+       if (parser->m_prologState.level >= parser->m_groupSize) {
+         if (parser->m_groupSize) {
+           {
++            /* Detect and prevent integer overflow */
++            if (parser->m_groupSize > (unsigned int)(-1) / 2u) {
++              return XML_ERROR_NO_MEMORY;
++            }
++
+             char *const new_connector = (char *)REALLOC(
+                 parser, parser->m_groupConnector, parser->m_groupSize *= 2);
+             if (new_connector == NULL) {
+@@ -5056,6 +5061,16 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+           }
+ 
+           if (dtd->scaffIndex) {
++            /* Detect and prevent integer overflow.
++             * The preprocessor guard addresses the "always false" warning
++             * from -Wtype-limits on platforms where
++             * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++            if (parser->m_groupSize > (size_t)(-1) / sizeof(int)) {
++              return XML_ERROR_NO_MEMORY;
++            }
++#endif
++
+             int *const new_scaff_index = (int *)REALLOC(
+                 parser, dtd->scaffIndex, parser->m_groupSize * sizeof(int));
+             if (new_scaff_index == NULL)
diff --git a/meta/recipes-core/expat/expat_2.2.10.bb b/meta/recipes-core/expat/expat_2.2.10.bb
index 7a892b0304..e5415361d8 100644
--- a/meta/recipes-core/expat/expat_2.2.10.bb
+++ b/meta/recipes-core/expat/expat_2.2.10.bb
@@ -14,6 +14,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
 	   file://0001-Add-output-of-tests-result.patch \
            file://CVE-2022-22822-27.patch \
            file://CVE-2021-45960.patch \
+           file://CVE-2021-46143.patch \
 	  "
 
 UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 16/17] speex: fix CVE-2020-23903
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (14 preceding siblings ...)
  2022-01-27  5:10 ` [hardknott][PATCH 15/17] expat: fix CVE-2021-46143 Anuj Mittal
@ 2022-01-27  5:10 ` Anuj Mittal
  2022-01-27  5:10 ` [hardknott][PATCH 17/17] lighttpd: backport a fix for CVE-2022-22707 Anuj Mittal
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:10 UTC (permalink / raw)
  To: openembedded-core

From: Kai Kang <kai.kang@windriver.com>

Backport patch to fix CVE-2020-23903.

CVE: CVE-2020-23903

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b8f56e5e9eef32c1e01742f913e205d93548de1f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../speex/speex/CVE-2020-23903.patch          | 30 +++++++++++++++++++
 meta/recipes-multimedia/speex/speex_1.2.0.bb  |  4 ++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch

diff --git a/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
new file mode 100644
index 0000000000..eb16e95ffc
--- /dev/null
+++ b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
@@ -0,0 +1,30 @@
+Backport patch to fix CVE-2020-23903.
+
+CVE: CVE-2020-23903
+Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
+From: Tristan Matthews <tmatth@videolan.org>
+Date: Mon, 13 Jul 2020 23:25:03 -0400
+Subject: [PATCH] wav_io: guard against invalid channel numbers
+
+Fixes #13
+---
+ src/wav_io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/wav_io.c b/src/wav_io.c
+index b5183015..09d62eb0 100644
+--- a/src/wav_io.c
++++ b/src/wav_io.c
+@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
+    stmp = le_short(stmp);
+    *channels = stmp;
+ 
+-   if (stmp>2)
++   if (stmp>2 || stmp<1)
+    {
+       fprintf (stderr, "Only mono and (intensity) stereo supported\n");
+       return -1;
diff --git a/meta/recipes-multimedia/speex/speex_1.2.0.bb b/meta/recipes-multimedia/speex/speex_1.2.0.bb
index 3a0911d6f8..ea475f0f1b 100644
--- a/meta/recipes-multimedia/speex/speex_1.2.0.bb
+++ b/meta/recipes-multimedia/speex/speex_1.2.0.bb
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=314649d8ba9dd7045dfb6683f298d0a8 \
                     file://include/speex/speex.h;beginline=1;endline=34;md5=ef8c8ea4f7198d71cf3509c6ed05ea50"
 DEPENDS = "libogg speexdsp"
 
-SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz"
+SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz \
+           file://CVE-2020-23903.patch \
+           "
 UPSTREAM_CHECK_REGEX = "speex-(?P<pver>\d+(\.\d+)+)\.tar"
 
 SRC_URI[md5sum] = "8ab7bb2589110dfaf0ed7fa7757dc49c"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

* [hardknott][PATCH 17/17] lighttpd: backport a fix for CVE-2022-22707
  2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
                   ` (15 preceding siblings ...)
  2022-01-27  5:10 ` [hardknott][PATCH 16/17] speex: fix CVE-2020-23903 Anuj Mittal
@ 2022-01-27  5:10 ` Anuj Mittal
  16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2022-01-27  5:10 UTC (permalink / raw)
  To: openembedded-core

From: Ross Burton <ross@burtonini.com>

Backport the fix for CVE-2022-22707, a buffer overflow in mod_extforward.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7758596613cc442f647fd4625b36532f30e6129f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 ...ix-out-of-bounds-OOB-write-fixes-313.patch | 97 +++++++++++++++++++
 .../lighttpd/lighttpd_1.4.59.bb               |  1 +
 2 files changed, 98 insertions(+)
 create mode 100644 meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch

diff --git a/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch b/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
new file mode 100644
index 0000000000..f4e93d1065
--- /dev/null
+++ b/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
@@ -0,0 +1,97 @@
+Upstream-Status: Backport
+CVE: CVE-2022-22707
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 27103f3f8b1a2857aa45b889e775435f7daf141f Mon Sep 17 00:00:00 2001
+From: povcfe <povcfe@qq.com>
+Date: Wed, 5 Jan 2022 11:11:09 +0000
+Subject: [PATCH] [mod_extforward] fix out-of-bounds (OOB) write (fixes #3134)
+
+(thx povcfe)
+
+(edited: gstrauss)
+
+There is a potential remote denial of service in lighttpd mod_extforward
+under specific, non-default and uncommon 32-bit lighttpd mod_extforward
+configurations.
+
+Under specific, non-default and uncommon lighttpd mod_extforward
+configurations, a remote attacker can trigger a 4-byte out-of-bounds
+write of value '-1' to the stack. This is not believed to be exploitable
+in any way beyond triggering a crash of the lighttpd server on systems
+where the lighttpd server has been built 32-bit and with compiler flags
+which enable a stack canary -- gcc/clang -fstack-protector-strong or
+-fstack-protector-all, but bug not visible with only -fstack-protector.
+
+With standard lighttpd builds using -O2 optimization on 64-bit x86_64,
+this bug has not been observed to cause adverse behavior, even with
+gcc/clang -fstack-protector-strong.
+
+For the bug to be reachable, the user must be using a non-default
+lighttpd configuration which enables mod_extforward and configures
+mod_extforward to accept and parse the "Forwarded" header from a trusted
+proxy. At this time, support for RFC7239 Forwarded is not common in CDN
+providers or popular web server reverse proxies. It bears repeating that
+for the user to desire to configure lighttpd mod_extforward to accept
+"Forwarded", the user must also be using a trusted proxy (in front of
+lighttpd) which understands and actively modifies the "Forwarded" header
+sent to lighttpd.
+
+lighttpd natively supports RFC7239 "Forwarded"
+hiawatha natively supports RFC7239 "Forwarded"
+
+nginx can be manually configured to add a "Forwarded" header
+https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
+
+A 64-bit build of lighttpd on x86_64 (not known to be affected by bug)
+in front of another 32-bit lighttpd will detect and reject a malicious
+"Forwarded" request header, thereby thwarting an attempt to trigger
+this bug in an upstream 32-bit lighttpd.
+
+The following servers currently do not natively support RFC7239 Forwarded:
+nginx
+apache2
+caddy
+node.js
+haproxy
+squid
+varnish-cache
+litespeed
+
+Given the general dearth of support for RFC7239 Forwarded in popular
+CDNs and web server reverse proxies, and given the prerequisites in
+lighttpd mod_extforward needed to reach this bug, the number of lighttpd
+servers vulnerable to this bug is estimated to be vanishingly small.
+Large systems using reverse proxies are likely running 64-bit lighttpd,
+which is not known to be adversely affected by this bug.
+
+In the future, it is desirable for more servers to implement RFC7239
+Forwarded.  lighttpd developers would like to thank povcfe for reporting
+this bug so that it can be fixed before more CDNs and web servers
+implement RFC7239 Forwarded.
+
+x-ref:
+  "mod_extforward plugin has out-of-bounds (OOB) write of 4-byte -1"
+  https://redmine.lighttpd.net/issues/3134
+  (not yet written or published)
+  CVE-2022-22707
+---
+ src/mod_extforward.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mod_extforward.c b/src/mod_extforward.c
+index ba957e04..fdaef7f6 100644
+--- a/src/mod_extforward.c
++++ b/src/mod_extforward.c
+@@ -715,7 +715,7 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
+         while (s[i] == ' ' || s[i] == '\t') ++i;
+         if (s[i] == ';') { ++i; continue; }
+         if (s[i] == ',') {
+-            if (j >= (int)(sizeof(offsets)/sizeof(int))) break;
++            if (j >= (int)(sizeof(offsets)/sizeof(int))-1) break;
+             offsets[++j] = -1; /*("offset" separating params from next proxy)*/
+             ++i;
+             continue;
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb
index cf7f478915..73443f77b4 100644
--- a/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb
+++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb
@@ -14,6 +14,7 @@ RRECOMMENDS_${PN} = "lighttpd-module-access \
                      lighttpd-module-accesslog"
 
 SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
+        file://0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch \
         file://index.html.lighttpd \
         file://lighttpd.conf \
         file://lighttpd \
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 18+ messages in thread

end of thread, other threads:[~2022-01-27  5:10 UTC | newest]

Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-27  5:09 [hardknott][PATCH 00/17] Patch review Anuj Mittal
2022-01-27  5:09 ` [hardknott][PATCH 01/17] tune-cortexa72: remove crypto for the default cortex-a72 Anuj Mittal
2022-01-27  5:09 ` [hardknott][PATCH 02/17] tune-cortexa72: Enable the crc extension by default for cortexa72 Anuj Mittal
2022-01-27  5:09 ` [hardknott][PATCH 03/17] tune-cortexa72: Drop the redundant cortexa72-crc tune Anuj Mittal
2022-01-27  5:09 ` [hardknott][PATCH 04/17] socat: update SRC_URI Anuj Mittal
2022-01-27  5:09 ` [hardknott][PATCH 05/17] pigz: fix one failure of command "unpigz -l" Anuj Mittal
2022-01-27  5:09 ` [hardknott][PATCH 06/17] binutils: upgrade binutils-2.36 to latest version Anuj Mittal
2022-01-27  5:10 ` [hardknott][PATCH 07/17] gcc: upgrade to gcc-10.3 version Anuj Mittal
2022-01-27  5:10 ` [hardknott][PATCH 08/17] glibc: upgrade glibc-2.33 to latest version Anuj Mittal
2022-01-27  5:10 ` [hardknott][PATCH 09/17] linux-yocto/5.4: update to v5.4.169 Anuj Mittal
2022-01-27  5:10 ` [hardknott][PATCH 10/17] linux-yocto/5.4: update to v5.4.170 Anuj Mittal
2022-01-27  5:10 ` [hardknott][PATCH 11/17] linux-yocto/5.4: update to v5.4.171 Anuj Mittal
2022-01-27  5:10 ` [hardknott][PATCH 12/17] linux-yocto/5.4: update to v5.4.172 Anuj Mittal
2022-01-27  5:10 ` [hardknott][PATCH 13/17] expat fix CVE-2022-22822 through CVE-2022-22827 Anuj Mittal
2022-01-27  5:10 ` [hardknott][PATCH 14/17] expat: fix CVE-2021-45960 Anuj Mittal
2022-01-27  5:10 ` [hardknott][PATCH 15/17] expat: fix CVE-2021-46143 Anuj Mittal
2022-01-27  5:10 ` [hardknott][PATCH 16/17] speex: fix CVE-2020-23903 Anuj Mittal
2022-01-27  5:10 ` [hardknott][PATCH 17/17] lighttpd: backport a fix for CVE-2022-22707 Anuj Mittal

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.