* [zeus][PATCH 0/9] zeus review
@ 2020-03-26 8:53 Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 1/9] icu: fix CVE-2020-10531 Anuj Mittal
` (8 more replies)
0 siblings, 9 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
Next set of changes for zeus. Please review.
Thanks,
Anuj
The following changes since commit c940e4b858d6be28b198770768117ecc098fa0d3:
bluez: fix CVE-2020-0556 (2020-03-16 15:49:02 +0800)
are available in the git repository at:
git://push.openembedded.org/openembedded-core-contrib anujm/zeus
Anuj Mittal (4):
icu: fix CVE-2020-10531
screen: fix CVE-2020-9366
e2fsprogs: fix CVE-2019-5188
e2fsprogs: backport upstream patch
Bruce Ashfield (1):
linux-yocto/4.19: update to v4.19.107
Chee Yang Lee (1):
wic/direct: reserve 2 sector for extended partition
Julius Hemanth Pitti (1):
nfs-utils: Disable statx if using glibc emulation
Ross Burton (1):
sanity: check for more bits of Python
Tom Hochstein (1):
security_flags.inc: fix flags missing from SDK toolchain
meta/classes/sanity.bbclass | 12 +-
meta/conf/distro/include/security_flags.inc | 2 +
...01-Disable-statx-if-using-glibc-emulation.patch | 34 ++++++
.../nfs-utils/nfs-utils_2.4.1.bb | 1 +
...k-don-t-try-to-rehash-a-deleted-directory.patch | 49 +++++++++
.../e2fsprogs/e2fsprogs/CVE-2019-5188.patch | 57 ++++++++++
...fsck-fix-use-after-free-in-calculate_tree.patch | 76 +++++++++++++
.../recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb | 3 +
.../screen/screen/CVE-2020-9366.patch | 48 ++++++++
meta/recipes-extended/screen/screen_4.6.2.bb | 1 +
meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_4.19.bb | 20 ++--
meta/recipes-support/icu/icu/CVE-2020-10531.patch | 122 +++++++++++++++++++++
meta/recipes-support/icu/icu_64.2.bb | 1 +
scripts/lib/wic/plugins/imager/direct.py | 6 +-
16 files changed, 421 insertions(+), 25 deletions(-)
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch
create mode 100644 meta/recipes-extended/screen/screen/CVE-2020-9366.patch
create mode 100644 meta/recipes-support/icu/icu/CVE-2020-10531.patch
--
2.7.4
^ permalink raw reply [flat|nested] 10+ messages in thread
* [zeus][PATCH 1/9] icu: fix CVE-2020-10531
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 2/9] screen: fix CVE-2020-9366 Anuj Mittal
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-support/icu/icu/CVE-2020-10531.patch | 122 ++++++++++++++++++++++
meta/recipes-support/icu/icu_64.2.bb | 1 +
2 files changed, 123 insertions(+)
create mode 100644 meta/recipes-support/icu/icu/CVE-2020-10531.patch
diff --git a/meta/recipes-support/icu/icu/CVE-2020-10531.patch b/meta/recipes-support/icu/icu/CVE-2020-10531.patch
new file mode 100644
index 0000000..56303fc
--- /dev/null
+++ b/meta/recipes-support/icu/icu/CVE-2020-10531.patch
@@ -0,0 +1,122 @@
+From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001
+From: Frank Tang <ftang@chromium.org>
+Date: Sat, 1 Feb 2020 02:39:04 +0000
+Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append
+
+See #971
+
+Upstream-Status: Backport [https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca]
+CVE: CVE-2020-10531
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ icu4c/source/common/unistr.cpp | 6 ++-
+ icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++
+ icu4c/source/test/intltest/ustrtest.h | 1 +
+ 3 files changed, 68 insertions(+), 1 deletion(-)
+
+diff --git a/icu4c/source/common/unistr.cpp b/icu4c/source/common/unistr.cpp
+index 901bb3358ba..077b4d6ef20 100644
+--- a/icu4c/source/common/unistr.cpp
++++ b/icu4c/source/common/unistr.cpp
+@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng
+ }
+
+ int32_t oldLength = length();
+- int32_t newLength = oldLength + srcLength;
++ int32_t newLength;
++ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) {
++ setToBogus();
++ return *this;
++ }
+
+ // Check for append onto ourself
+ const UChar* oldArray = getArrayStart();
+diff --git a/icu4c/source/test/intltest/ustrtest.cpp b/icu4c/source/test/intltest/ustrtest.cpp
+index b6515ea813c..ad38bdf53a3 100644
+--- a/icu4c/source/test/intltest/ustrtest.cpp
++++ b/icu4c/source/test/intltest/ustrtest.cpp
+@@ -67,6 +67,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* &
+ TESTCASE_AUTO(TestWCharPointers);
+ TESTCASE_AUTO(TestNullPointers);
+ TESTCASE_AUTO(TestUnicodeStringInsertAppendToSelf);
++ TESTCASE_AUTO(TestLargeAppend);
+ TESTCASE_AUTO_END;
+ }
+
+@@ -2310,3 +2311,64 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() {
+ str.insert(2, sub);
+ assertEquals("", u"abbcdcde", str);
+ }
++
++void UnicodeStringTest::TestLargeAppend() {
++ if(quick) return;
++
++ IcuTestErrorCode status(*this, "TestLargeAppend");
++ // Make a large UnicodeString
++ int32_t len = 0xAFFFFFF;
++ UnicodeString str;
++ char16_t *buf = str.getBuffer(len);
++ // A fast way to set buffer to valid Unicode.
++ // 4E4E is a valid unicode character
++ uprv_memset(buf, 0x4e, len * 2);
++ str.releaseBuffer(len);
++ UnicodeString dest;
++ // Append it 16 times
++ // 0xAFFFFFF times 16 is 0xA4FFFFF1,
++ // which is greater than INT32_MAX, which is 0x7FFFFFFF.
++ int64_t total = 0;
++ for (int32_t i = 0; i < 16; i++) {
++ dest.append(str);
++ total += len;
++ if (total <= INT32_MAX) {
++ assertFalse("dest is not bogus", dest.isBogus());
++ } else {
++ assertTrue("dest should be bogus", dest.isBogus());
++ }
++ }
++ dest.remove();
++ total = 0;
++ for (int32_t i = 0; i < 16; i++) {
++ dest.append(str);
++ total += len;
++ if (total + len <= INT32_MAX) {
++ assertFalse("dest is not bogus", dest.isBogus());
++ } else if (total <= INT32_MAX) {
++ // Check that a string of exactly the maximum size works
++ UnicodeString str2;
++ int32_t remain = INT32_MAX - total;
++ char16_t *buf2 = str2.getBuffer(remain);
++ if (buf2 == nullptr) {
++ // if somehow memory allocation fail, return the test
++ return;
++ }
++ uprv_memset(buf2, 0x4e, remain * 2);
++ str2.releaseBuffer(remain);
++ dest.append(str2);
++ total += remain;
++ assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total);
++ assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length());
++ assertFalse("dest is not bogus", dest.isBogus());
++
++ // Check that a string size+1 goes bogus
++ str2.truncate(1);
++ dest.append(str2);
++ total++;
++ assertTrue("dest should be bogus", dest.isBogus());
++ } else {
++ assertTrue("dest should be bogus", dest.isBogus());
++ }
++ }
++}
+diff --git a/icu4c/source/test/intltest/ustrtest.h b/icu4c/source/test/intltest/ustrtest.h
+index 218befdcc68..4a356a92c7a 100644
+--- a/icu4c/source/test/intltest/ustrtest.h
++++ b/icu4c/source/test/intltest/ustrtest.h
+@@ -97,6 +97,7 @@ class UnicodeStringTest: public IntlTest {
+ void TestWCharPointers();
+ void TestNullPointers();
+ void TestUnicodeStringInsertAppendToSelf();
++ void TestLargeAppend();
+ };
+
+ #endif
diff --git a/meta/recipes-support/icu/icu_64.2.bb b/meta/recipes-support/icu/icu_64.2.bb
index 10bac7a..2ed8077 100644
--- a/meta/recipes-support/icu/icu_64.2.bb
+++ b/meta/recipes-support/icu/icu_64.2.bb
@@ -18,6 +18,7 @@ SRC_URI = "${BASE_SRC_URI} \
file://fix-install-manx.patch \
file://0001-Fix-big-endian-build.patch \
file://0001-icu-Added-armeb-support.patch \
+ file://CVE-2020-10531.patch;striplevel=3 \
"
SRC_URI_append_class-target = "\
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [zeus][PATCH 2/9] screen: fix CVE-2020-9366
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 1/9] icu: fix CVE-2020-10531 Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 3/9] sanity: check for more bits of Python Anuj Mittal
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../screen/screen/CVE-2020-9366.patch | 48 ++++++++++++++++++++++
meta/recipes-extended/screen/screen_4.6.2.bb | 1 +
2 files changed, 49 insertions(+)
create mode 100644 meta/recipes-extended/screen/screen/CVE-2020-9366.patch
diff --git a/meta/recipes-extended/screen/screen/CVE-2020-9366.patch b/meta/recipes-extended/screen/screen/CVE-2020-9366.patch
new file mode 100644
index 0000000..a52b9e6
--- /dev/null
+++ b/meta/recipes-extended/screen/screen/CVE-2020-9366.patch
@@ -0,0 +1,48 @@
+From 8ce90c1d3d5bece150479d8bc9303fd9d9f45e03 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net>
+Date: Thu, 30 Jan 2020 17:56:27 +0100
+Subject: [PATCH] Fix out of bounds access when setting w_xtermosc after OSC 49
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net>
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+echo -e "\e]49\e; \n\ec"
+crashes screen.
+
+This happens because 49 is divided by 10 and used as table index
+resulting in access to w_xtermosc[4], which is out of bounds with table
+itself being size 4. Increase size of table by 1 to 5, which is enough
+for all current uses.
+
+As this overwrites memory based on user input it is potential security
+issue.
+
+Reported-by: pippin@gimp.org
+Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?h=v.4.8.0&id=68386dfb1fa33471372a8cd2e74686758a2f527b]
+CVE: CVE-2020-9366
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+---
+ window.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/window.h b/window.h
+index bd10dcd..a8afa19 100644
+--- a/window.h
++++ b/window.h
+@@ -237,7 +237,7 @@ struct win
+ char w_vbwait;
+ char w_norefresh; /* dont redisplay when switching to that win */
+ #ifdef RXVT_OSC
+- char w_xtermosc[4][MAXSTR]; /* special xterm/rxvt escapes */
++ char w_xtermosc[5][MAXSTR]; /* special xterm/rxvt escapes */
+ #endif
+ int w_mouse; /* mouse mode 0,9,1000 */
+ #ifdef HAVE_BRAILLE
diff --git a/meta/recipes-extended/screen/screen_4.6.2.bb b/meta/recipes-extended/screen/screen_4.6.2.bb
index 21b476d..d00b849 100644
--- a/meta/recipes-extended/screen/screen_4.6.2.bb
+++ b/meta/recipes-extended/screen/screen_4.6.2.bb
@@ -25,6 +25,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
file://0001-fix-for-multijob-build.patch \
file://0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch \
file://0001-Remove-more-compatibility-stuff.patch \
+ file://CVE-2020-9366.patch \
"
SRC_URI[md5sum] = "a0f529d3333b128dfaa324d978ba73a8"
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [zeus][PATCH 3/9] sanity: check for more bits of Python
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 1/9] icu: fix CVE-2020-10531 Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 2/9] screen: fix CVE-2020-9366 Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 4/9] nfs-utils: Disable statx if using glibc emulation Anuj Mittal
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@intel.com>
MJ: icu in master doesn't need distutils anymore, because icu 65.1 currently in
dunfell/master doesn't depend on python3-distutils anymore since:
https://github.com/unicode-org/icu/commit/b4d41b0561b6e8de38b99850ce0e4be8ef536bb1
but the icu-64.2 in zeus and openembedded-core/meta/recipes-core/ovmf/ovmf_git.bb
still need python3-distutils as described in:
http://lists.openembedded.org/pipermail/openembedded-core/2020-March/293984.html
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/classes/sanity.bbclass | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 936fe91..5c2f8f9 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -625,13 +625,14 @@ def check_sanity_version_change(status, d):
# In other words, these tests run once in a given build directory and then
# never again until the sanity version or host distrubution id/version changes.
- # Check the python install is complete. glib-2.0-natives requries
- # xml.parsers.expat
+ # Check the python install is complete. Examples that are often removed in
+ # minimal installations: glib-2.0-natives requries # xml.parsers.expat and icu
+ # requires distutils.sysconfig.
try:
import xml.parsers.expat
- except ImportError:
- status.addresult('Your python is not a full install. Please install the module xml.parsers.expat (python-xml on openSUSE and SUSE Linux).\n')
- import stat
+ import distutils.sysconfig
+ except ImportError as e:
+ status.addresult('Your Python 3 is not a full install. Please install the module %s (see the Getting Started guide for further information).\n' % e.name)
status.addresult(check_make_version(d))
status.addresult(check_patch_version(d))
@@ -667,6 +668,7 @@ def check_sanity_version_change(status, d):
status.addresult('Please use ASSUME_PROVIDED +=, not ASSUME_PROVIDED = in your local.conf\n')
# Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS)
+ import stat
tmpdir = d.getVar('TMPDIR')
status.addresult(check_create_long_filename(tmpdir, "TMPDIR"))
tmpdirmode = os.stat(tmpdir).st_mode
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [zeus][PATCH 4/9] nfs-utils: Disable statx if using glibc emulation
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
` (2 preceding siblings ...)
2020-03-26 8:53 ` [zeus][PATCH 3/9] sanity: check for more bits of Python Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 5/9] e2fsprogs: fix CVE-2019-5188 Anuj Mittal
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
From: Julius Hemanth Pitti <jpitti@cisco.com>
nfs-utils 2.4.1, moves from "stat" to "statx
with AT_STATX_DONT_SYNC" in parts of the code.
statx is supported in Linux kernel v4.11 and above.
For all older kernels glibc emulates statx, and it
doesn't support AT_STATX_DONT_SYNC and will return
EINVAL.
When server uses nfs-utils 2.4.1 on kernel v4.10
and older, mount.nfs4 would fail with error
"reason given by server: No such file or directory".
Since Linux v4.4 and v4.9 are LTS, its more likely
that people would use above combination.
This issue has been fixed in nfs-utils 2.4.3 and
above. Backporting fix to 2.4.1.
Signed-off-by: Julius Hemanth Pitti <jpitti@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
...01-Disable-statx-if-using-glibc-emulation.patch | 34 ++++++++++++++++++++++
.../nfs-utils/nfs-utils_2.4.1.bb | 1 +
2 files changed, 35 insertions(+)
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch
new file mode 100644
index 0000000..98b1391
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch
@@ -0,0 +1,34 @@
+From ff3ad88c233ecd87f7983ad13836323f944540ec Mon Sep 17 00:00:00 2001
+From: Doug Nazar <nazard@nazar.ca>
+Date: Mon, 9 Dec 2019 10:53:37 -0500
+Subject: [PATCH] Disable statx if using glibc emulation
+
+On older kernels without statx, glibc with statx support will attempt
+to emulate the call. However it doesn't support AT_STATX_DONT_SYNC and
+will return EINVAL. This causes all xstat/xlstat calls to fail.
+
+Upstream-Status: Backport
+
+Signed-off-by: Doug Nazar <nazard@nazar.ca>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/misc/xstat.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/support/misc/xstat.c b/support/misc/xstat.c
+index 661e29e4..a438fbcc 100644
+--- a/support/misc/xstat.c
++++ b/support/misc/xstat.c
+@@ -51,6 +51,9 @@ statx_do_stat(int fd, const char *pathname, struct stat *statbuf, int flags)
+ statx_copy(statbuf, &stxbuf);
+ return 0;
+ }
++ /* glibc emulation doesn't support AT_STATX_DONT_SYNC */
++ if (errno == EINVAL)
++ errno = ENOSYS;
+ if (errno == ENOSYS)
+ statx_supported = 0;
+ } else
+--
+2.19.1
+
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
index 7e80354..3ae8f96 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
@@ -33,6 +33,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \
file://0001-Fix-include-order-between-config.h-and-stat.h.patch \
+ file://0001-Disable-statx-if-using-glibc-emulation.patch \
"
SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch"
SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch"
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [zeus][PATCH 5/9] e2fsprogs: fix CVE-2019-5188
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
` (3 preceding siblings ...)
2020-03-26 8:53 ` [zeus][PATCH 4/9] nfs-utils: Disable statx if using glibc emulation Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 6/9] e2fsprogs: backport upstream patch Anuj Mittal
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
Also see:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948508
(From OE-Core rev: 09bdcef183d885025da6aa87a7c2bf7e8268774e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
...k-don-t-try-to-rehash-a-deleted-directory.patch | 49 +++++++++++++++++++
.../e2fsprogs/e2fsprogs/CVE-2019-5188.patch | 57 ++++++++++++++++++++++
.../recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb | 2 +
3 files changed, 108 insertions(+)
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
new file mode 100644
index 0000000..ba4e3a3
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch
@@ -0,0 +1,49 @@
+From 71ba13755337e19c9a826dfc874562a36e1b24d3 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 19 Dec 2019 19:45:06 -0500
+Subject: [PATCH] e2fsck: don't try to rehash a deleted directory
+
+If directory has been deleted in pass1[bcd] processing, then we
+shouldn't try to rehash the directory in pass 3a when we try to
+rehash/reoptimize directories.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba13755337e19c9a826dfc874562a36e1b24d3]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ e2fsck/pass1b.c | 4 ++++
+ e2fsck/rehash.c | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/e2fsck/pass1b.c b/e2fsck/pass1b.c
+index 5693b9cf..bca701ca 100644
+--- a/e2fsck/pass1b.c
++++ b/e2fsck/pass1b.c
+@@ -705,6 +705,10 @@ static void delete_file(e2fsck_t ctx, ext2_ino_t ino,
+ fix_problem(ctx, PR_1B_BLOCK_ITERATE, &pctx);
+ if (ctx->inode_bad_map)
+ ext2fs_unmark_inode_bitmap2(ctx->inode_bad_map, ino);
++ if (ctx->inode_reg_map)
++ ext2fs_unmark_inode_bitmap2(ctx->inode_reg_map, ino);
++ ext2fs_unmark_inode_bitmap2(ctx->inode_dir_map, ino);
++ ext2fs_unmark_inode_bitmap2(ctx->inode_used_map, ino);
+ ext2fs_inode_alloc_stats2(fs, ino, -1, LINUX_S_ISDIR(dp->inode.i_mode));
+ quota_data_sub(ctx->qctx, &dp->inode, ino,
+ pb.dup_blocks * fs->blocksize);
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index 3dd1e941..2c908be0 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -1028,6 +1028,8 @@ void e2fsck_rehash_directories(e2fsck_t ctx)
+ if (!ext2fs_u32_list_iterate(iter, &ino))
+ break;
+ }
++ if (!ext2fs_test_inode_bitmap2(ctx->inode_dir_map, ino))
++ continue;
+
+ pctx.dir = ino;
+ if (first) {
+--
+2.24.1
+
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
new file mode 100644
index 0000000..de4bce0
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2019-5188.patch
@@ -0,0 +1,57 @@
+From 8dd73c149f418238f19791f9d666089ef9734dff Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 19 Dec 2019 19:37:34 -0500
+Subject: [PATCH] e2fsck: abort if there is a corrupted directory block when
+ rehashing
+
+In e2fsck pass 3a, when we are rehashing directories, at least in
+theory, all of the directories should have had corruptions with
+respect to directory entry structure fixed. However, it's possible
+(for example, if the user declined a fix) that we can reach this stage
+of processing with a corrupted directory entries.
+
+So check for that case and don't try to process a corrupted directory
+block so we don't run into trouble in mutate_name() if there is a
+zero-length file name.
+
+Addresses: TALOS-2019-0973
+Addresses: CVE-2019-5188
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+CVE: CVE-2019-5188
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff]
+---
+ e2fsck/rehash.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index a5fc1be1..3dd1e941 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -160,6 +160,10 @@ static int fill_dir_block(ext2_filsys fs,
+ dir_offset += rec_len;
+ if (dirent->inode == 0)
+ continue;
++ if ((name_len) == 0) {
++ fd->err = EXT2_ET_DIR_CORRUPTED;
++ return BLOCK_ABORT;
++ }
+ if (!fd->compress && (name_len == 1) &&
+ (dirent->name[0] == '.'))
+ continue;
+@@ -401,6 +405,11 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs,
+ continue;
+ }
+ new_len = ext2fs_dirent_name_len(ent->dir);
++ if (new_len == 0) {
++ /* should never happen */
++ ext2fs_unmark_valid(fs);
++ continue;
++ }
+ memcpy(new_name, ent->dir->name, new_len);
+ mutate_name(new_name, &new_len);
+ for (j=0; j < fd->num_array; j++) {
+--
+2.24.1
+
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
index 14c05a4..2014e68 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
@@ -6,6 +6,8 @@ SRC_URI += "file://remove.ldconfig.call.patch \
file://mkdir_p.patch \
file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \
file://CVE-2019-5094.patch \
+ file://CVE-2019-5188.patch \
+ file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \
"
SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [zeus][PATCH 6/9] e2fsprogs: backport upstream patch
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
` (4 preceding siblings ...)
2020-03-26 8:53 ` [zeus][PATCH 5/9] e2fsprogs: fix CVE-2019-5188 Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 7/9] security_flags.inc: fix flags missing from SDK toolchain Anuj Mittal
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
Fixes a bug wherein a use after free could potentially be used to run
malicious code if a user can be tricked into running e2fsck on a
maliciously crafted file system.
Also see:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948517
(From OE-Core rev: 23c1b157362609bd8d85c7d35e6c7f0f60c32c88)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
...fsck-fix-use-after-free-in-calculate_tree.patch | 76 ++++++++++++++++++++++
.../recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb | 1 +
2 files changed, 77 insertions(+)
create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch
new file mode 100644
index 0000000..342a2b8
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsck-fix-use-after-free-in-calculate_tree.patch
@@ -0,0 +1,76 @@
+From: Wang Shilong <wshilong@ddn.com>
+Date: Mon, 30 Dec 2019 19:52:39 -0500
+Subject: e2fsck: fix use after free in calculate_tree()
+
+The problem is alloc_blocks() will call get_next_block() which might
+reallocate outdir->buf, and memory address could be changed after
+this. To fix this, pointers that point into outdir->buf, such as
+int_limit and root need to be recaulated based on the new starting
+address of outdir->buf.
+
+[ Changed to correctly recalculate int_limit, and to optimize how we
+ reallocate outdir->buf. -TYT ]
+
+Addresses-Debian-Bug: 948517
+Signed-off-by: Wang Shilong <wshilong@ddn.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+(cherry picked from commit 101e73e99ccafa0403fcb27dd7413033b587ca01)
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=101e73e99ccafa0403fcb27dd7413033b587ca01]
+---
+ e2fsck/rehash.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
+index 0a5888a9..2574e151 100644
+--- a/e2fsck/rehash.c
++++ b/e2fsck/rehash.c
+@@ -295,7 +295,11 @@ static errcode_t get_next_block(ext2_filsys fs, struct out_dir *outdir,
+ errcode_t retval;
+
+ if (outdir->num >= outdir->max) {
+- retval = alloc_size_dir(fs, outdir, outdir->max + 50);
++ int increment = outdir->max / 10;
++
++ if (increment < 50)
++ increment = 50;
++ retval = alloc_size_dir(fs, outdir, outdir->max + increment);
+ if (retval)
+ return retval;
+ }
+@@ -637,6 +641,9 @@ static int alloc_blocks(ext2_filsys fs,
+ if (retval)
+ return retval;
+
++ /* outdir->buf might be reallocated */
++ *prev_ent = (struct ext2_dx_entry *) (outdir->buf + *prev_offset);
++
+ *next_ent = set_int_node(fs, block_start);
+ *limit = (struct ext2_dx_countlimit *)(*next_ent);
+ if (next_offset)
+@@ -726,6 +733,9 @@ static errcode_t calculate_tree(ext2_filsys fs,
+ return retval;
+ }
+ if (c3 == 0) {
++ int delta1 = (char *)int_limit - outdir->buf;
++ int delta2 = (char *)root - outdir->buf;
++
+ retval = alloc_blocks(fs, &limit, &int_ent,
+ &dx_ent, &int_offset,
+ NULL, outdir, i, &c2,
+@@ -733,6 +743,11 @@ static errcode_t calculate_tree(ext2_filsys fs,
+ if (retval)
+ return retval;
+
++ /* outdir->buf might be reallocated */
++ int_limit = (struct ext2_dx_countlimit *)
++ (outdir->buf + delta1);
++ root = (struct ext2_dx_entry *)
++ (outdir->buf + delta2);
+ }
+ dx_ent->block = ext2fs_cpu_to_le32(i);
+ if (c3 != limit->limit)
+--
+2.24.1
+
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
index 2014e68..f81defb 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://remove.ldconfig.call.patch \
file://CVE-2019-5094.patch \
file://CVE-2019-5188.patch \
file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \
+ file://e2fsck-fix-use-after-free-in-calculate_tree.patch \
"
SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [zeus][PATCH 7/9] security_flags.inc: fix flags missing from SDK toolchain
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
` (5 preceding siblings ...)
2020-03-26 8:53 ` [zeus][PATCH 6/9] e2fsprogs: backport upstream patch Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 8/9] linux-yocto/4.19: update to v4.19.107 Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 9/9] wic/direct: reserve 2 sector for extended partition Anuj Mittal
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
From: Tom Hochstein <tom.hochstein@nxp.com>
The security flags were missing from the SDK toolchain
because they were added specifically to class-target.
Add them to class-cross-canadian as well (since the SDK environment
file is created from cross-canadian target flags).
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Antoine Manache <a.manache@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/conf/distro/include/security_flags.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index aaf04e9..568d036 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -57,6 +57,8 @@ SECURITY_STRINGFORMAT_pn-gcc = ""
TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}"
TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
+TARGET_CC_ARCH_append_class-cross-canadian = " ${SECURITY_CFLAGS}"
+TARGET_LDFLAGS_append_class-cross-canadian = " ${SECURITY_LDFLAGS}"
SECURITY_STACK_PROTECTOR_pn-gcc-runtime = ""
SECURITY_STACK_PROTECTOR_pn-glibc = ""
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [zeus][PATCH 8/9] linux-yocto/4.19: update to v4.19.107
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
` (6 preceding siblings ...)
2020-03-26 8:53 ` [zeus][PATCH 7/9] security_flags.inc: fix flags missing from SDK toolchain Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 9/9] wic/direct: reserve 2 sector for extended partition Anuj Mittal
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/4.19 to the latest korg -stable release that comprises
the following commits:
16ae5406361a crypto: CVE-2019-18808
a083db76118d Linux 4.19.107
cfc30449bbc5 Revert "char/random: silence a lockdep splat with printk()"
8541452acba5 s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range
fee87e931cc5 xen: Enable interrupts when calling _cond_resched()
28a73a946a46 ata: ahci: Add shutdown to freeze hardware resources of ahci
43cac315bec1 rxrpc: Fix call RCU cleanup using non-bh-safe locks
acbc5071f073 netfilter: xt_hashlimit: limit the max size of hashtable
5a2972600a2f ALSA: seq: Fix concurrent access to queue current tick/time
b105447809b1 ALSA: seq: Avoid concurrent access to queue flags
63495d1e1c7c ALSA: rawmidi: Avoid bit fields for state flags
bf3043d27755 bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill
3132696dd748 genirq/proc: Reject invalid affinity masks (again)
ba2c07dfa0d8 iommu/vt-d: Fix compile warning from intel-svm.h
c0965be4b28b ecryptfs: replace BUG_ON with error handling code
1bae8f424c84 staging: greybus: use after free in gb_audio_manager_remove_all()
568991c91849 staging: rtl8723bs: fix copy of overlapping memory
f8e6a3412dc6 usb: dwc2: Fix in ISOC request length checking
de8dbb7b02fa usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus
1cad1a6497ec scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session"
c66b2b571211 scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout"
b046c6fec04e Revert "dmaengine: imx-sdma: Fix memory leak"
cd26d53a27d6 Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents
4d886f91ca13 btrfs: do not check delayed items are empty for single transaction cleanup
68b7db197bf8 btrfs: reset fs_root to NULL on error in open_ctree
0ba8e5f347b2 btrfs: fix bytes_may_use underflow in prealloc error condtition
e541982a6e5f KVM: apic: avoid calculating pending eoi from an uninitialized val
267eec2d216d KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1
85dd0eb771e8 KVM: nVMX: Check IO instruction VM-exit conditions
e5c0857bd5cc KVM: nVMX: Refactor IO bitmap checks into helper function
8cf20fb73e73 ext4: fix race between writepages and enabling EXT4_EXTENTS_FL
48fdbe2a818d ext4: rename s_journal_flag_rwsem to s_writepages_rwsem
b7dc081c24db ext4: fix mount failure with quota configured as module
50017cec3dbb ext4: fix potential race between s_flex_groups online resizing and access
7720966a68c8 ext4: fix potential race between s_group_info online resizing and access
cc9948abe47b ext4: fix potential race between online resizing and write operations
38884609b8b5 ext4: add cond_resched() to __ext4_find_entry()
9b6e90918bc0 ext4: fix a data race in EXT4_I(inode)->i_disksize
0e3a6e86d43b drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets
da3418ad747f lib/stackdepot.c: fix global out-of-bounds in stack_slabs
56ad5b4b7405 tty: serial: qcom_geni_serial: Fix RX cancel command failure
e6ebad85883d tty: serial: qcom_geni_serial: Remove xfer_mode variable
4e438733f727 tty: serial: qcom_geni_serial: Remove set_rfr_wm() and related variables
1cc8834773b2 tty: serial: qcom_geni_serial: Remove use of *_relaxed() and mb()
4d1a94fa6d14 tty: serial: qcom_geni_serial: Remove interrupt storm
0a38fd9326fd tty: serial: qcom_geni_serial: Fix UART hang
fe1cfc645845 KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI
ed9e97c35b45 KVM: nVMX: Don't emulate instructions in guest mode
6ca274be314b xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
8300ed5a2175 drm/amdgpu/soc15: fix xclk for raven
837ba4829b9f mm/vmscan.c: don't round up scan size for online memory cgroup
ea2a11561d01 genirq/irqdomain: Make sure all irq domain flags are distinct
576c04cbbef2 nvme-multipath: Fix memory leak with ana_log_buf
e75d2de90b86 mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps()
cf85f00f87db Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"
af4693daff1b MAINTAINERS: Update drm/i915 bug filing URL
c9ca2010202b serdev: ttyport: restore client ops on deregistration
463a3db812d9 tty: serial: imx: setup the correct sg entry for tx dma
6807593e8edc tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode
f4e6d51f3f40 serial: 8250: Check UPF_IRQ_SHARED in advance
f28ec250579c x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF
5e5b443ae6cc x86/mce/amd: Fix kobject lifetime
0a3aca3a0f41 x86/mce/amd: Publish the bank pointer only after setup has succeeded
4512119ac90a jbd2: fix ocfs2 corrupt when clearing block group bits
72e2df70fb52 powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery
e34182fb8a2f staging: rtl8723bs: Fix potential overuse of kernel memory
e4770de3ae41 staging: rtl8723bs: Fix potential security hole
b4eab56d96f1 staging: rtl8188eu: Fix potential overuse of kernel memory
2a50bd9e2a69 staging: rtl8188eu: Fix potential security hole
d59f6a6e35b7 usb: dwc3: gadget: Check for IOC/LST bit in TRB->ctrl fields
c787444891a4 usb: dwc2: Fix SET/CLEAR_FEATURE and GET_STATUS flows
8cfda0c9c966 USB: hub: Fix the broken detection of USB3 device in SMSC hub
37d2eb43b64c USB: hub: Don't record a connect-change event during reset-resume
babaa26b7c1c USB: Fix novation SourceControl XL after suspend
2debc1717cf2 usb: uas: fix a plug & unplug racing
4db4761cfe15 USB: quirks: blacklist duplicate ep on Sound Devices USBPre2
63d176ed148a USB: core: add endpoint-blacklist quirk
d74d5d042d42 usb: host: xhci: update event ring dequeue pointer on purpose
2a2582dc62e9 xhci: Fix memory leak when caching protocol extended capability PSI tables - take 2
7c8cde41a0c3 xhci: fix runtime pm enabling for quirky Intel hosts
dce60e7efa97 xhci: Force Maximum Packet size for Full-speed bulk devices to valid range.
<snip>
c7f81d70d7ae ubifs: Fix default compression selection in ubifs
3331e61b23b1 nvme: fix kernel paging oops
2f99d478ddbd xfs: require both realtime inodes to mount
b2d84967f076 bcache: do not mark writeback_running too early
6f48e23888b9 bcache: do not check if debug dentry is ERR or NULL explicitly on remove
c318f88411a8 rtl818x: fix potential use after free
7cf86c89d7e4 brcmfmac: set SDIO F1 MesBusyCtrl for CYW4373
38b73129c113 brcmfmac: set F2 watermark to 256 for 4373
6138e4b132cd mwifiex: debugfs: correct histogram spacing, formatting
1450ff720076 mwifiex: fix potential NULL dereference and use after free
4912b454e029 arm64: dts: renesas: draak: Fix CVBS input
48d37cc42390 crypto: user - support incremental algorithm dumps
43cd68d7002b s390/zcrypt: make sysfs reset attribute trigger queue reset
5ac0da68eae1 nvme: provide fallback for discard alloc failure
d702d7bc7eb4 scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port
78777dd6174e scsi: qla2xxx: Fix NPIV handling for FC-NVMe
58ab95b03497 scsi: lpfc: Enable Management features for IF_TYPE=6
e772949a3fd6 ACPI / LPSS: Ignore acpi_device_fix_up_power() return value
d411bd858447 ARM: ks8695: fix section mismatch warning
22227437ca68 xfs: zero length symlinks are not valid
4d54a7969524 PM / AVS: SmartReflex: NULL check before some freeing functions is not needed
d2e3e3c3c14b RDMA/vmw_pvrdma: Use atomic memory allocation in create AH
64694b276d74 arm64: preempt: Fix big-endian when checking preempt count in assembly
2ec103458855 RDMA/hns: Fix the bug while use multi-hop of pbl
60da6da4b511 ARM: OMAP1: fix USB configuration for device-only setups
0086d127f90d platform/x86: mlx-platform: Fix LED configuration
08d8ab9615c5 bus: ti-sysc: Check for no-reset and no-idle flags at the child level
4b40393b5240 arm64: smp: Handle errors reported by the firmware
e3d27b94111b arm64: mm: Prevent mismatched 52-bit VA support
57f3359cdabe ARM: dts: Fix hsi gdd range for omap4
9b1f6bde17d6 parisc: Fix HP SDC hpa address output
d18f228f504e parisc: Fix serio address output
72a50a1e1c65 ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication
bf39f5b323eb ARM: dts: imx25: Fix memory node duplication
d2eb50e57a5c ARM: dts: imx27: Fix memory node duplication
54750b6f6671 ARM: dts: imx1: Fix memory node duplication
6aeb6bd0eda6 ARM: dts: imx23: Fix memory node duplication
1694780bd4ca ARM: dts: imx50: Fix memory node duplication
2442b4c0f30a ARM: dts: imx6sl: Fix memory node duplication
bae011f4c9a4 ARM: dts: imx6sx: Fix memory node duplication
0990926c9395 ARM: dts: imx6ul: Fix memory node duplication
e021f0ccc4fa ARM: dts: imx7: Fix memory node duplication
a90469345b26 ARM: dts: imx35: Fix memory node duplication
6bc1e695b4be ARM: dts: imx31: Fix memory node duplication
ca02e14bdd7f ARM: dts: imx53: Fix memory node duplication
5a1e6f95733c ARM: dts: imx51: Fix memory node duplication
8c0c8c2a80b2 ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed
dee3f7703207 tracing: Lock event_mutex before synth_event_mutex
67547b9b4660 ARM: dts: Fix up SQ201 flash access
ee6d2bedb400 scsi: lpfc: Fix dif and first burst use in write commands
20feb7333049 scsi: lpfc: Fix kernel Oops due to null pring pointers
a8c0f6334e56 scsi: target/tcmu: Fix queue_cmd_ring() declaration
480233f89d42 pwm: bcm-iproc: Prevent unloading the driver module while in use
27d22db4ccf1 block: drbd: remove a stray unlock in __drbd_send_protocol()
51a564498cfb mac80211: fix station inactive_time shortly after boot
b707e0da2791 net/fq_impl: Switch to kvmalloc() for memory allocation
a8a61f82cc9f ceph: return -EINVAL if given fsc mount option on kernel w/o support
0f716cda304b net: mscc: ocelot: fix __ocelot_rmw_ix prototype
a30c6e424fdd net: bcmgenet: reapply manual settings to the PHY
acd6a29134f0 net: bcmgenet: use RGMII loopback for MAC reset
ff3f7465ee98 scripts/gdb: fix debugging modules compiled with hot/cold partitioning
22f4892950b2 ASoC: stm32: sai: add restriction on mmap support
3f034e6889e7 watchdog: meson: Fix the wrong value of left time
7302e7b10855 can: mcp251x: mcp251x_restart_work_handler(): Fix potential force_quit race condition
24e10fc2e0db can: flexcan: increase error counters if skb enqueueing via can_rx_offload_queue_sorted() fails
ee7981538293 can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error
5c8f5485614c can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error
eca4b786f3bb can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors
a85ce0107d6b can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM
b83d4e4899d6 can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max
77f94f0d7f52 can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak
66e21b7b9251 can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open
7559e68ca91f can: peak_usb: report bus recovery as well
c5b0bbef4367 bridge: ebtables: don't crash when using dnat target in output chains
2070b33ee987 net: fec: add missed clk_disable_unprepare in remove
28f34294442b clk: ti: clkctrl: Fix failed to enable error with double udelay timeout
cb5a4049608c clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call
1677a0e54937 x86/resctrl: Prevent NULL pointer dereference when reading mondata
8ef58b82d1e4 idr: Fix idr_alloc_u32 on 32-bit systems
88358c7610cc idr: Fix integer overflow in idr_for_each_entry
a6359d5e2d98 powerpc/bpf: Fix tail call implementation
4665759af735 samples/bpf: fix build by setting HAVE_ATTR_TEST to zero
40c3b8fc47b3 ARM: dts: sun8i-a83t-tbs-a711: Fix WiFi resume from suspend
40017db20bfa clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18
49ade064ea4b clk: sunxi: Fix operator precedence in sunxi_divs_clk_setup
15fc2f3c64e7 clk: at91: avoid sleeping early
8885552a061b reset: fix reset_control_ops kerneldoc comment
a94913c0c8cf ARM: dts: imx6qdl-sabreauto: Fix storm of accelerometer interrupts
5b15b1bf5428 pinctrl: cherryview: Allocate IRQ chip dynamic
a0554203bc12 clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume
80e28fa256c9 ASoC: kirkwood: fix device remove ordering
6a7472add344 ASoC: kirkwood: fix external clock probe defer
a2c2cf16b059 clk: samsung: exynos5433: Fix error paths
9a5933aa1242 reset: Fix memory leak in reset_control_array_put()
e8eb6233be9a ASoC: compress: fix unsigned integer overflow check
7971b7fd5623 ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX
daa2c4030510 clocksource/drivers/mediatek: Fix error handling
9c65bb9518ea clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb | 6 +++---
meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb | 8 ++++----
meta/recipes-kernel/linux/linux-yocto_4.19.bb | 20 ++++++++++----------
3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
index b6e0a1e..93c4472 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "2fbf678238302f33b3aec5a2cba829f260744f24"
-SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a"
+SRCREV_machine ?= "40e34fdcb540e35b1a97e8e52c11dfe52bd68b16"
+SRCREV_meta ?= "7cb520d405cd5ca8f21a333941fbc0861bbb36b0"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}"
-LINUX_VERSION ?= "4.19.87"
+LINUX_VERSION ?= "4.19.107"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
index e2626ab..76b2467 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "4.19.87"
+LINUX_VERSION ?= "4.19.107"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "bd239fb802a15c2759ea456dd1f09f5e106fc88a"
-SRCREV_machine ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656"
-SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a"
+SRCREV_machine_qemuarm ?= "e2c947b59c650f2aa2f0f88d6af90f9dfb336e04"
+SRCREV_machine ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
+SRCREV_meta ?= "7cb520d405cd5ca8f21a333941fbc0861bbb36b0"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
index c6e482a..6e3b00e 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
@@ -11,22 +11,22 @@ KBRANCH_qemux86 ?= "v4.19/standard/base"
KBRANCH_qemux86-64 ?= "v4.19/standard/base"
KBRANCH_qemumips64 ?= "v4.19/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "19fa1657d1d82d01647c6f73a2bbf39305505294"
-SRCREV_machine_qemuarm64 ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656"
-SRCREV_machine_qemumips ?= "8fb7ab96b84852ee3d9e1d9d9e7bc35e1249b653"
-SRCREV_machine_qemuppc ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656"
-SRCREV_machine_qemux86 ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656"
-SRCREV_machine_qemux86-64 ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656"
-SRCREV_machine_qemumips64 ?= "c8a036abd7d469013dddab15a23e0d2dde1d0000"
-SRCREV_machine ?= "b44ad1b1e7c685e75b7788a026a2416edc2ee656"
-SRCREV_meta ?= "4f5d761316a9cf14605e5d0cc91b53c1b2e9dc6a"
+SRCREV_machine_qemuarm ?= "c8b87f4d12eb957d8a95442a928ef4820037bb55"
+SRCREV_machine_qemuarm64 ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
+SRCREV_machine_qemumips ?= "94f102eaca76ffdcc3d47ea94b47486d7157c531"
+SRCREV_machine_qemuppc ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
+SRCREV_machine_qemux86 ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
+SRCREV_machine_qemux86-64 ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
+SRCREV_machine_qemumips64 ?= "98288b7e79bc8130c2a889d763c9c1aa15ff4939"
+SRCREV_machine ?= "16ae5406361af8329b74580697cb738dadeb1ecb"
+SRCREV_meta ?= "7cb520d405cd5ca8f21a333941fbc0861bbb36b0"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA} \
"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "4.19.87"
+LINUX_VERSION ?= "4.19.107"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [zeus][PATCH 9/9] wic/direct: reserve 2 sector for extended partition
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
` (7 preceding siblings ...)
2020-03-26 8:53 ` [zeus][PATCH 8/9] linux-yocto/4.19: update to v4.19.107 Anuj Mittal
@ 2020-03-26 8:53 ` Anuj Mittal
8 siblings, 0 replies; 10+ messages in thread
From: Anuj Mittal @ 2020-03-26 8:53 UTC (permalink / raw)
To: openembedded-core
From: Chee Yang Lee <chee.yang.lee@intel.com>
extended partition should reserve at least 2 unallocated sectors
between the start of the extended partition and the start of a
logical partition.
[YOCTO #13658]
(From OE-Core rev: 884c8a0e50a49bdca5e048197a9dc0ff37cc8d1a)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 590555e3b8ccbd94b628aa6778adea7f4538d966)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
scripts/lib/wic/plugins/imager/direct.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/lib/wic/plugins/imager/direct.py b/scripts/lib/wic/plugins/imager/direct.py
index 2441cc3..5148df2 100644
--- a/scripts/lib/wic/plugins/imager/direct.py
+++ b/scripts/lib/wic/plugins/imager/direct.py
@@ -403,7 +403,7 @@ class PartitionedImage():
# Reserve a sector for EBR for every logical partition
# before alignment is performed.
if part.type == 'logical':
- self.offset += 1
+ self.offset += 2
align_sectors = 0
if part.align:
@@ -446,7 +446,7 @@ class PartitionedImage():
self.extendedpart = part.num
else:
self.extended_size_sec += align_sectors
- self.extended_size_sec += part.size_sec + 1
+ self.extended_size_sec += part.size_sec + 2
else:
self.primary_part_num += 1
part.num = self.primary_part_num
@@ -512,7 +512,7 @@ class PartitionedImage():
# add a sector at the back, so that there is enough
# room for all logical partitions.
self._create_partition(self.path, "extended",
- None, part.start - 1,
+ None, part.start - 2,
self.extended_size_sec)
if part.fstype == "swap":
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
end of thread, other threads:[~2020-03-26 8:54 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-26 8:53 [zeus][PATCH 0/9] zeus review Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 1/9] icu: fix CVE-2020-10531 Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 2/9] screen: fix CVE-2020-9366 Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 3/9] sanity: check for more bits of Python Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 4/9] nfs-utils: Disable statx if using glibc emulation Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 5/9] e2fsprogs: fix CVE-2019-5188 Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 6/9] e2fsprogs: backport upstream patch Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 7/9] security_flags.inc: fix flags missing from SDK toolchain Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 8/9] linux-yocto/4.19: update to v4.19.107 Anuj Mittal
2020-03-26 8:53 ` [zeus][PATCH 9/9] wic/direct: reserve 2 sector for extended partition Anuj Mittal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.