[OE-core][dunfell 00/20] Patch review

[OE-core][dunfell 00/20] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3253

The following changes since commit 88c0290520c9e4982d25c20e783bd91eec016b52:

  libusb1: correct SRC_URI (2022-02-07 04:40:13 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  ruby: correctly set native/target dependencies

Bruce Ashfield (3):
  linux-yocto/5.4: update to v5.4.173
  linux-yocto/5.4: update to v5.4.176
  linux-yocto/5.4: update to v5.4.178

Christian Eggers (1):
  sdk: fix search for dynamic loader

Florian Amstutz (1):
  devtool: deploy-target: Remove stripped binaries in pseudo context

Martin Beeger (1):
  cmake: remove bogus CMAKE_LDFLAGS_FLAGS definition from toolchain file

Purushottam Choudhary (1):
  freetype: add missing CVE tag CVE-2020-15999

Richard Purdie (1):
  default-distrovars.inc: Switch connectivity check to a
    yoctoproject.org page

Ross Burton (1):
  lighttpd: backport a fix for CVE-2022-22707

Saul Wold (1):
  recipetool: Fix circular reference in SRC_URI

Stefan Herbrechtsmeier (1):
  cve-check: create directory of CVE_CHECK_MANIFEST before copy

Steve Sakoman (5):
  expat: fix CVE-2022-23990
  connman: fix CVE-2022-23096-7
  connman: fix CVE-2022-23098
  connman: fix CVE-2021-33833
  wpa-supplicant: fix CVE-2022-23303-4

Sundeep KOKKONDA (1):
  binutils: Fix CVE-2021-45078

bkylerussell@gmail.com (1):
  rpm: fix intermittent compression failure in do_package_write_rpm

wangmy (1):
  linux-firmware: upgrade 20211216 -> 20220209

 meta/classes/cve-check.bbclass                |   1 +
 meta/classes/sanity.bbclass                   |   2 +-
 .../distro/include/default-distrovars.inc     |   2 +-
 meta/files/toolchain-shar-relocate.sh         |   2 +-
 .../connman/connman/CVE-2021-33833.patch      |  72 +++
 .../connman/connman/CVE-2022-23096-7.patch    | 121 ++++
 .../connman/connman/CVE-2022-23098.patch      |  50 ++
 .../connman/connman_1.37.bb                   |   3 +
 .../wpa-supplicant/CVE-2022-23303-4.patch     | 609 ++++++++++++++++++
 .../wpa-supplicant/wpa-supplicant_2.9.bb      |   1 +
 .../expat/expat/CVE-2022-23990.patch          |  49 ++
 meta/recipes-core/expat/expat_2.2.9.bb        |   1 +
 .../binutils/binutils-2.34.inc                |   1 +
 .../binutils/0001-CVE-2021-45078.patch        | 257 ++++++++
 .../cmake/cmake/OEToolchainConfig.cmake       |   1 -
 ..._internal-mode-parsing-when-Tn-is-us.patch |  34 +
 meta/recipes-devtools/rpm/rpm_4.14.2.1.bb     |   1 +
 meta/recipes-devtools/ruby/ruby.inc           |   4 +-
 ...ix-out-of-bounds-OOB-write-fixes-313.patch | 100 +++
 .../lighttpd/lighttpd_1.4.55.bb               |   1 +
 ...-sfnt-Fix-heap-buffer-overflow-59308.patch |   3 +
 ...20211216.bb => linux-firmware_20220209.bb} |   4 +-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 scripts/lib/devtool/deploy.py                 |   2 +-
 scripts/lib/recipetool/create.py              |   2 +-
 27 files changed, 1331 insertions(+), 28 deletions(-)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2021-33833.patch
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-23096-7.patch
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-23098.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-23303-4.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-23990.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch
 create mode 100644 meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch
 create mode 100644 meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20211216.bb => linux-firmware_20220209.bb} (99%)

-- 
2.25.1

[OE-core][dunfell 01/20] expat: fix CVE-2022-23990

[Steve Sakoman]

Expat (aka libexpat) before 2.4.4 has an integer overflow in the
doProlog function.

Backport patch from:

https://github.com/libexpat/libexpat/pull/551/commits/ede41d1e186ed2aba88a06e84cac839b770af3a1

CVE: CVE-2021-23990
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../expat/expat/CVE-2022-23990.patch          | 49 +++++++++++++++++++
 meta/recipes-core/expat/expat_2.2.9.bb        |  1 +
 2 files changed, 50 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-23990.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2022-23990.patch b/meta/recipes-core/expat/expat/CVE-2022-23990.patch
new file mode 100644
index 0000000000..c599517b3e
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-23990.patch
@@ -0,0 +1,49 @@
+From ede41d1e186ed2aba88a06e84cac839b770af3a1 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Wed, 26 Jan 2022 02:36:43 +0100
+Subject: [PATCH] lib: Prevent integer overflow in doProlog (CVE-2022-23990)
+
+The change from "int nameLen" to "size_t nameLen"
+addresses the overflow on "nameLen++" in code
+"for (; name[nameLen++];)" right above the second
+change in the patch.
+
+Upstream-Status: Backport:
+https://github.com/libexpat/libexpat/pull/551/commits/ede41d1e186ed2aba88a06e84cac839b770af3a1
+
+CVE: CVE-2022-23990
+
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ lib/xmlparse.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 5ce31402..d1d17005 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -5372,7 +5372,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+       if (dtd->in_eldecl) {
+         ELEMENT_TYPE *el;
+         const XML_Char *name;
+-        int nameLen;
++        size_t nameLen;
+         const char *nxt
+             = (quant == XML_CQUANT_NONE ? next : next - enc->minBytesPerChar);
+         int myindex = nextScaffoldPart(parser);
+@@ -5388,7 +5388,13 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+         nameLen = 0;
+         for (; name[nameLen++];)
+           ;
+-        dtd->contentStringLen += nameLen;
++
++        /* Detect and prevent integer overflow */
++        if (nameLen > UINT_MAX - dtd->contentStringLen) {
++          return XML_ERROR_NO_MEMORY;
++        }
++
++        dtd->contentStringLen += (unsigned)nameLen;
+         if (parser->m_elementDeclHandler)
+           handleDefault = XML_FALSE;
+       }
diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb
index 6a6d5c066f..4c86f90ef1 100644
--- a/meta/recipes-core/expat/expat_2.2.9.bb
+++ b/meta/recipes-core/expat/expat_2.2.9.bb
@@ -12,6 +12,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \
            file://CVE-2021-46143.patch \
            file://CVE-2022-22822-27.patch \
            file://CVE-2022-23852.patch \
+           file://CVE-2022-23990.patch \
            file://libtool-tag.patch \
          "
 
-- 
2.25.1

[OE-core][dunfell 02/20] connman: fix CVE-2022-23096-7

[Steve Sakoman]

An issue was discovered in the DNS proxy in Connman through 1.40.
The TCP server reply implementation lacks a check for the presence
of sufficient Header Data, leading to an out-of-bounds read (CVE-2022-23096)

An issue was discovered in the DNS proxy in Connman through 1.40.
forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds
read (CVE-2022-23097)

Backport patch from:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950

CVE: CVE-2022-23096 CVE-2022-23097

Signed-off-by: Steve Sakoman
---
 .../connman/connman/CVE-2022-23096-7.patch    | 121 ++++++++++++++++++
 .../connman/connman_1.37.bb                   |   1 +
 2 files changed, 122 insertions(+)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-23096-7.patch

diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-23096-7.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-23096-7.patch
new file mode 100644
index 0000000000..7f27474830
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2022-23096-7.patch
@@ -0,0 +1,121 @@
+From e5a313736e13c90d19085e953a26256a198e4950 Mon Sep 17 00:00:00 2001
+From: Daniel Wagner <wagi@monom.org>
+Date: Tue, 25 Jan 2022 10:00:24 +0100
+Subject: dnsproxy: Validate input data before using them
+
+dnsproxy is not validating various input data. Add a bunch of checks.
+
+Fixes: CVE-2022-23097
+Fixes: CVE-2022-23096
+
+Upstream-Status: Backport
+https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
+
+CVE: CVE-2022-23096 CVE-2022-23097
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ src/dnsproxy.c | 31 ++++++++++++++++++++++++++-----
+ 1 file changed, 26 insertions(+), 5 deletions(-)
+
+diff --git a/src/dnsproxy.c b/src/dnsproxy.c
+index cdfafbc2..c027bcb9 100644
+--- a/src/dnsproxy.c
++++ b/src/dnsproxy.c
+@@ -1951,6 +1951,12 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol,
+ 
+ 	if (offset < 0)
+ 		return offset;
++	if (reply_len < 0)
++		return -EINVAL;
++	if (reply_len < offset + 1)
++		return -EINVAL;
++	if ((size_t)reply_len < sizeof(struct domain_hdr))
++		return -EINVAL;
+ 
+ 	hdr = (void *)(reply + offset);
+ 	dns_id = reply[offset] | reply[offset + 1] << 8;
+@@ -1986,23 +1992,31 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol,
+ 		 */
+ 		if (req->append_domain && ntohs(hdr->qdcount) == 1) {
+ 			uint16_t domain_len = 0;
+-			uint16_t header_len;
++			uint16_t header_len, payload_len;
+ 			uint16_t dns_type, dns_class;
+ 			uint8_t host_len, dns_type_pos;
+ 			char uncompressed[NS_MAXDNAME], *uptr;
+ 			char *ptr, *eom = (char *)reply + reply_len;
++			char *domain;
+ 
+ 			/*
+ 			 * ptr points to the first char of the hostname.
+ 			 * ->hostname.domain.net
+ 			 */
+ 			header_len = offset + sizeof(struct domain_hdr);
++			if (reply_len < header_len)
++				return -EINVAL;
++			payload_len = reply_len - header_len;
++
+ 			ptr = (char *)reply + header_len;
+ 
+ 			host_len = *ptr;
++			domain = ptr + 1 + host_len;
++			if (domain > eom)
++				return -EINVAL;
++
+ 			if (host_len > 0)
+-				domain_len = strnlen(ptr + 1 + host_len,
+-						reply_len - header_len);
++				domain_len = strnlen(domain, eom - domain);
+ 
+ 			/*
+ 			 * If the query type is anything other than A or AAAA,
+@@ -2011,6 +2025,8 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol,
+ 			 */
+ 			dns_type_pos = host_len + 1 + domain_len + 1;
+ 
++			if (ptr + (dns_type_pos + 3) > eom)
++				return -EINVAL;
+ 			dns_type = ptr[dns_type_pos] << 8 |
+ 							ptr[dns_type_pos + 1];
+ 			dns_class = ptr[dns_type_pos + 2] << 8 |
+@@ -2040,6 +2056,8 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol,
+ 				int new_len, fixed_len;
+ 				char *answers;
+ 
++				if (len > payload_len)
++					return -EINVAL;
+ 				/*
+ 				 * First copy host (without domain name) into
+ 				 * tmp buffer.
+@@ -2054,6 +2072,8 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol,
+ 				 * Copy type and class fields of the question.
+ 				 */
+ 				ptr += len + domain_len + 1;
++				if (ptr + NS_QFIXEDSZ > eom)
++					return -EINVAL;
+ 				memcpy(uptr, ptr, NS_QFIXEDSZ);
+ 
+ 				/*
+@@ -2063,6 +2083,8 @@ static int forward_dns_reply(unsigned char *reply, int reply_len, int protocol,
+ 				uptr += NS_QFIXEDSZ;
+ 				answers = uptr;
+ 				fixed_len = answers - uncompressed;
++				if (ptr + offset > eom)
++					return -EINVAL;
+ 
+ 				/*
+ 				 * We then uncompress the result to buffer
+@@ -2257,8 +2279,7 @@ static gboolean udp_server_event(GIOChannel *channel, GIOCondition condition,
+ 
+ 	len = recv(sk, buf, sizeof(buf), 0);
+ 
+-	if (len >= 12)
+-		forward_dns_reply(buf, len, IPPROTO_UDP, data);
++	forward_dns_reply(buf, len, IPPROTO_UDP, data);
+ 
+ 	return TRUE;
+ }
+-- 
+cgit 1.2.3-1.el7
+
diff --git a/meta/recipes-connectivity/connman/connman_1.37.bb b/meta/recipes-connectivity/connman/connman_1.37.bb
index bdab4c4f18..e3ea3cd065 100644
--- a/meta/recipes-connectivity/connman/connman_1.37.bb
+++ b/meta/recipes-connectivity/connman/connman_1.37.bb
@@ -9,6 +9,7 @@ SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
             file://CVE-2021-26675.patch \
             file://CVE-2021-26676-0001.patch \
             file://CVE-2021-26676-0002.patch \
+            file://CVE-2022-23096-7.patch \
 "
 
 SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
-- 
2.25.1

[OE-core][dunfell 03/20] connman: fix CVE-2022-23098

[Steve Sakoman]

An issue was discovered in the DNS proxy in Connman through 1.40.
The TCP server reply implementation has an infinite loop if no
data is received.

Backport patch from:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4

CVE: CVE-2022-23098

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../connman/connman/CVE-2022-23098.patch      | 50 +++++++++++++++++++
 .../connman/connman_1.37.bb                   |  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-23098.patch

diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-23098.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-23098.patch
new file mode 100644
index 0000000000..a40c9f583f
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2022-23098.patch
@@ -0,0 +1,50 @@
+From d8708b85c1e8fe25af7803e8a20cf20e7201d8a4 Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <mgerstner@suse.de>
+Date: Tue, 25 Jan 2022 10:00:25 +0100
+Subject: dnsproxy: Avoid 100 % busy loop in TCP server case
+
+Once the TCP socket is connected and until the remote server is
+responding (if ever) ConnMan executes a 100 % CPU loop, since
+the connected socket will always be writable (G_IO_OUT).
+
+To fix this, modify the watch after the connection is established to
+remove the G_IO_OUT from the callback conditions.
+
+Fixes: CVE-2022-23098
+
+Upstream-Status: Backport
+https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4
+
+CVE: CVE-2022-23098
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ src/dnsproxy.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/dnsproxy.c b/src/dnsproxy.c
+index c027bcb9..1ccf36a9 100644
+--- a/src/dnsproxy.c
++++ b/src/dnsproxy.c
+@@ -2360,6 +2360,18 @@ hangup:
+ 			}
+ 		}
+ 
++		/*
++		 * Remove the G_IO_OUT flag from the watch, otherwise we end
++		 * up in a busy loop, because the socket is constantly writable.
++		 *
++		 * There seems to be no better way in g_io to do that than
++		 * re-adding the watch.
++		 */
++		g_source_remove(server->watch);
++		server->watch = g_io_add_watch(server->channel,
++			G_IO_IN | G_IO_HUP | G_IO_NVAL | G_IO_ERR,
++			tcp_server_event, server);
++
+ 		server->connected = true;
+ 		server_list = g_slist_append(server_list, server);
+ 
+-- 
+cgit 1.2.3-1.el7
+
diff --git a/meta/recipes-connectivity/connman/connman_1.37.bb b/meta/recipes-connectivity/connman/connman_1.37.bb
index e3ea3cd065..096981364f 100644
--- a/meta/recipes-connectivity/connman/connman_1.37.bb
+++ b/meta/recipes-connectivity/connman/connman_1.37.bb
@@ -10,6 +10,7 @@ SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
             file://CVE-2021-26676-0001.patch \
             file://CVE-2021-26676-0002.patch \
             file://CVE-2022-23096-7.patch \
+            file://CVE-2022-23098.patch \
 "
 
 SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
-- 
2.25.1

[OE-core][dunfell 04/20] connman: fix CVE-2021-33833

[Steve Sakoman]

ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based
buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or
RDLENGTH (for A or AAAA).

Backport patch from:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c

CVE: CVE-2021-33833

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../connman/connman/CVE-2021-33833.patch      | 72 +++++++++++++++++++
 .../connman/connman_1.37.bb                   |  1 +
 2 files changed, 73 insertions(+)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2021-33833.patch

diff --git a/meta/recipes-connectivity/connman/connman/CVE-2021-33833.patch b/meta/recipes-connectivity/connman/connman/CVE-2021-33833.patch
new file mode 100644
index 0000000000..770948fb69
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2021-33833.patch
@@ -0,0 +1,72 @@
+From eceb2e8d2341c041df55a5e2f047d9a8c491463c Mon Sep 17 00:00:00 2001
+From: Valery Kashcheev <v.kascheev@omp.ru>
+Date: Mon, 7 Jun 2021 18:58:24 +0200
+Subject: dnsproxy: Check the length of buffers before memcpy
+
+Fix using a stack-based buffer overflow attack by checking the length of
+the ptr and uptr buffers.
+
+Fix debug message output.
+
+Fixes: CVE-2021-33833
+
+Upstream-Status: Backport
+https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
+CVE: CVE-2021-33833
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ src/dnsproxy.c | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/src/dnsproxy.c b/src/dnsproxy.c
+index de52df5a..38dbdd71 100644
+--- a/src/dnsproxy.c
++++ b/src/dnsproxy.c
+@@ -1788,17 +1788,15 @@ static char *uncompress(int16_t field_count, char *start, char *end,
+ 		 * tmp buffer.
+ 		 */
+ 
+-		debug("pos %d ulen %d left %d name %s", pos, ulen,
+-			(int)(uncomp_len - (uptr - uncompressed)), uptr);
+-
+-		ulen = strlen(name);
+-		if ((uptr + ulen + 1) > uncomp_end) {
++		ulen = strlen(name) + 1;
++		if ((uptr + ulen) > uncomp_end)
+ 			goto out;
+-		}
+-		strncpy(uptr, name, uncomp_len - (uptr - uncompressed));
++		strncpy(uptr, name, ulen);
++
++		debug("pos %d ulen %d left %d name %s", pos, ulen,
++			(int)(uncomp_end - (uptr + ulen)), uptr);
+ 
+ 		uptr += ulen;
+-		*uptr++ = '\0';
+ 
+ 		ptr += pos;
+ 
+@@ -1841,7 +1839,7 @@ static char *uncompress(int16_t field_count, char *start, char *end,
+ 		} else if (dns_type == ns_t_a || dns_type == ns_t_aaaa) {
+ 			dlen = uptr[-2] << 8 | uptr[-1];
+ 
+-			if (ptr + dlen > end) {
++			if ((ptr + dlen) > end || (uptr + dlen) > uncomp_end) {
+ 				debug("data len %d too long", dlen);
+ 				goto out;
+ 			}
+@@ -1880,6 +1878,10 @@ static char *uncompress(int16_t field_count, char *start, char *end,
+ 			 * refresh interval, retry interval, expiration
+ 			 * limit and minimum ttl). They are 20 bytes long.
+ 			 */
++			if ((uptr + 20) > uncomp_end || (ptr + 20) > end) {
++				debug("soa record too long");
++				goto out;
++			}
+ 			memcpy(uptr, ptr, 20);
+ 			uptr += 20;
+ 			ptr += 20;
+-- 
+cgit 1.2.3-1.el7
+
diff --git a/meta/recipes-connectivity/connman/connman_1.37.bb b/meta/recipes-connectivity/connman/connman_1.37.bb
index 096981364f..bdd1e590ec 100644
--- a/meta/recipes-connectivity/connman/connman_1.37.bb
+++ b/meta/recipes-connectivity/connman/connman_1.37.bb
@@ -9,6 +9,7 @@ SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
             file://CVE-2021-26675.patch \
             file://CVE-2021-26676-0001.patch \
             file://CVE-2021-26676-0002.patch \
+            file://CVE-2021-33833.patch \
             file://CVE-2022-23096-7.patch \
             file://CVE-2022-23098.patch \
 "
-- 
2.25.1

[OE-core][dunfell 05/20] wpa-supplicant: fix CVE-2022-23303-4

[Steve Sakoman]

The implementations of SAE in hostapd before 2.10 and wpa_supplicant
before 2.10 are vulnerable to side channel attacks as a result
of cache access patterns. NOTE: this issue exists because of an
incomplete fix for CVE-2019-9494.

Backport patches from:
https://w1.fi/security/2022-1/

CVE: CVE-2022-23303 CVE-2022-23304

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../wpa-supplicant/CVE-2022-23303-4.patch     | 609 ++++++++++++++++++
 .../wpa-supplicant/wpa-supplicant_2.9.bb      |   1 +
 2 files changed, 610 insertions(+)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-23303-4.patch

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-23303-4.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-23303-4.patch
new file mode 100644
index 0000000000..21e65ba961
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-23303-4.patch
@@ -0,0 +1,609 @@
+From 208e5687ff2e48622e28d8888ce5444a54353bbd Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Tue, 27 Aug 2019 16:33:15 +0300
+Subject: [PATCH 1/4] crypto: Add more bignum/EC helper functions
+
+These are needed for implementing SAE hash-to-element.
+
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+
+Upstream-Status: Backport
+https://w1.fi/security/2022-1/
+
+CVE: CVE-2022-23303 CVE-2022-23304
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ src/crypto/crypto.h         | 45 ++++++++++++++++++
+ src/crypto/crypto_openssl.c | 94 +++++++++++++++++++++++++++++++++++++
+ src/crypto/crypto_wolfssl.c | 66 ++++++++++++++++++++++++++
+ 3 files changed, 205 insertions(+)
+
+diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
+index 15f8ad04cea4..68476dbce96c 100644
+--- a/src/crypto/crypto.h
++++ b/src/crypto/crypto.h
+@@ -518,6 +518,13 @@ struct crypto_bignum * crypto_bignum_init(void);
+  */
+ struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len);
+ 
++/**
++ * crypto_bignum_init_set - Allocate memory for bignum and set the value (uint)
++ * @val: Value to set
++ * Returns: Pointer to allocated bignum or %NULL on failure
++ */
++struct crypto_bignum * crypto_bignum_init_uint(unsigned int val);
++
+ /**
+  * crypto_bignum_deinit - Free bignum
+  * @n: Bignum from crypto_bignum_init() or crypto_bignum_init_set()
+@@ -612,6 +619,19 @@ int crypto_bignum_div(const struct crypto_bignum *a,
+ 		      const struct crypto_bignum *b,
+ 		      struct crypto_bignum *c);
+ 
++/**
++ * crypto_bignum_addmod - d = a + b (mod c)
++ * @a: Bignum
++ * @b: Bignum
++ * @c: Bignum
++ * @d: Bignum; used to store the result of (a + b) % c
++ * Returns: 0 on success, -1 on failure
++ */
++int crypto_bignum_addmod(const struct crypto_bignum *a,
++			 const struct crypto_bignum *b,
++			 const struct crypto_bignum *c,
++			 struct crypto_bignum *d);
++
+ /**
+  * crypto_bignum_mulmod - d = a * b (mod c)
+  * @a: Bignum
+@@ -625,6 +645,28 @@ int crypto_bignum_mulmod(const struct crypto_bignum *a,
+ 			 const struct crypto_bignum *c,
+ 			 struct crypto_bignum *d);
+ 
++/**
++ * crypto_bignum_sqrmod - c = a^2 (mod b)
++ * @a: Bignum
++ * @b: Bignum
++ * @c: Bignum; used to store the result of a^2 % b
++ * Returns: 0 on success, -1 on failure
++ */
++int crypto_bignum_sqrmod(const struct crypto_bignum *a,
++			 const struct crypto_bignum *b,
++			 struct crypto_bignum *c);
++
++/**
++ * crypto_bignum_sqrtmod - returns sqrt(a) (mod b)
++ * @a: Bignum
++ * @b: Bignum
++ * @c: Bignum; used to store the result
++ * Returns: 0 on success, -1 on failure
++ */
++int crypto_bignum_sqrtmod(const struct crypto_bignum *a,
++			  const struct crypto_bignum *b,
++			  struct crypto_bignum *c);
++
+ /**
+  * crypto_bignum_rshift - r = a >> n
+  * @a: Bignum
+@@ -731,6 +773,9 @@ const struct crypto_bignum * crypto_ec_get_prime(struct crypto_ec *e);
+  */
+ const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e);
+ 
++const struct crypto_bignum * crypto_ec_get_a(struct crypto_ec *e);
++const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e);
++
+ /**
+  * struct crypto_ec_point - Elliptic curve point
+  *
+diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
+index bab33a537293..ed463105e8f1 100644
+--- a/src/crypto/crypto_openssl.c
++++ b/src/crypto/crypto_openssl.c
+@@ -1283,6 +1283,24 @@ struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len)
+ }
+ 
+ 
++struct crypto_bignum * crypto_bignum_init_uint(unsigned int val)
++{
++	BIGNUM *bn;
++
++	if (TEST_FAIL())
++		return NULL;
++
++	bn = BN_new();
++	if (!bn)
++		return NULL;
++	if (BN_set_word(bn, val) != 1) {
++		BN_free(bn);
++		return NULL;
++	}
++	return (struct crypto_bignum *) bn;
++}
++
++
+ void crypto_bignum_deinit(struct crypto_bignum *n, int clear)
+ {
+ 	if (clear)
+@@ -1449,6 +1467,28 @@ int crypto_bignum_div(const struct crypto_bignum *a,
+ }
+ 
+ 
++int crypto_bignum_addmod(const struct crypto_bignum *a,
++			 const struct crypto_bignum *b,
++			 const struct crypto_bignum *c,
++			 struct crypto_bignum *d)
++{
++	int res;
++	BN_CTX *bnctx;
++
++	if (TEST_FAIL())
++		return -1;
++
++	bnctx = BN_CTX_new();
++	if (!bnctx)
++		return -1;
++	res = BN_mod_add((BIGNUM *) d, (const BIGNUM *) a, (const BIGNUM *) b,
++			 (const BIGNUM *) c, bnctx);
++	BN_CTX_free(bnctx);
++
++	return res ? 0 : -1;
++}
++
++
+ int crypto_bignum_mulmod(const struct crypto_bignum *a,
+ 			 const struct crypto_bignum *b,
+ 			 const struct crypto_bignum *c,
+@@ -1472,6 +1512,48 @@ int crypto_bignum_mulmod(const struct crypto_bignum *a,
+ }
+ 
+ 
++int crypto_bignum_sqrmod(const struct crypto_bignum *a,
++			 const struct crypto_bignum *b,
++			 struct crypto_bignum *c)
++{
++	int res;
++	BN_CTX *bnctx;
++
++	if (TEST_FAIL())
++		return -1;
++
++	bnctx = BN_CTX_new();
++	if (!bnctx)
++		return -1;
++	res = BN_mod_sqr((BIGNUM *) c, (const BIGNUM *) a, (const BIGNUM *) b,
++			 bnctx);
++	BN_CTX_free(bnctx);
++
++	return res ? 0 : -1;
++}
++
++
++int crypto_bignum_sqrtmod(const struct crypto_bignum *a,
++			  const struct crypto_bignum *b,
++			  struct crypto_bignum *c)
++{
++	BN_CTX *bnctx;
++	BIGNUM *res;
++
++	if (TEST_FAIL())
++		return -1;
++
++	bnctx = BN_CTX_new();
++	if (!bnctx)
++		return -1;
++	res = BN_mod_sqrt((BIGNUM *) c, (const BIGNUM *) a, (const BIGNUM *) b,
++			  bnctx);
++	BN_CTX_free(bnctx);
++
++	return res ? 0 : -1;
++}
++
++
+ int crypto_bignum_rshift(const struct crypto_bignum *a, int n,
+ 			 struct crypto_bignum *r)
+ {
+@@ -1682,6 +1764,18 @@ const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e)
+ }
+ 
+ 
++const struct crypto_bignum * crypto_ec_get_a(struct crypto_ec *e)
++{
++	return (const struct crypto_bignum *) e->a;
++}
++
++
++const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e)
++{
++	return (const struct crypto_bignum *) e->b;
++}
++
++
+ void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear)
+ {
+ 	if (clear)
+diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
+index 4cedab4367cd..e9894b335e53 100644
+--- a/src/crypto/crypto_wolfssl.c
++++ b/src/crypto/crypto_wolfssl.c
+@@ -1042,6 +1042,26 @@ struct crypto_bignum * crypto_bignum_init_set(const u8 *buf, size_t len)
+ }
+ 
+ 
++struct crypto_bignum * crypto_bignum_init_uint(unsigned int val)
++{
++	mp_int *a;
++
++	if (TEST_FAIL())
++		return NULL;
++
++	a = (mp_int *) crypto_bignum_init();
++	if (!a)
++		return NULL;
++
++	if (mp_set_int(a, val) != MP_OKAY) {
++		os_free(a);
++		a = NULL;
++	}
++
++	return (struct crypto_bignum *) a;
++}
++
++
+ void crypto_bignum_deinit(struct crypto_bignum *n, int clear)
+ {
+ 	if (!n)
+@@ -1168,6 +1188,19 @@ int crypto_bignum_div(const struct crypto_bignum *a,
+ }
+ 
+ 
++int crypto_bignum_addmod(const struct crypto_bignum *a,
++			 const struct crypto_bignum *b,
++			 const struct crypto_bignum *c,
++			 struct crypto_bignum *d)
++{
++	if (TEST_FAIL())
++		return -1;
++
++	return mp_addmod((mp_int *) a, (mp_int *) b, (mp_int *) c,
++			 (mp_int *) d) == MP_OKAY ?  0 : -1;
++}
++
++
+ int crypto_bignum_mulmod(const struct crypto_bignum *a,
+ 			 const struct crypto_bignum *b,
+ 			 const struct crypto_bignum *m,
+@@ -1181,6 +1214,27 @@ int crypto_bignum_mulmod(const struct crypto_bignum *a,
+ }
+ 
+ 
++int crypto_bignum_sqrmod(const struct crypto_bignum *a,
++			 const struct crypto_bignum *b,
++			 struct crypto_bignum *c)
++{
++	if (TEST_FAIL())
++		return -1;
++
++	return mp_sqrmod((mp_int *) a, (mp_int *) b,
++			 (mp_int *) c) == MP_OKAY ?  0 : -1;
++}
++
++
++int crypto_bignum_sqrtmod(const struct crypto_bignum *a,
++			  const struct crypto_bignum *b,
++			  struct crypto_bignum *c)
++{
++	/* TODO */
++	return -1;
++}
++
++
+ int crypto_bignum_rshift(const struct crypto_bignum *a, int n,
+ 			 struct crypto_bignum *r)
+ {
+@@ -1386,6 +1440,18 @@ const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e)
+ }
+ 
+ 
++const struct crypto_bignum * crypto_ec_get_a(struct crypto_ec *e)
++{
++	return (const struct crypto_bignum *) &e->a;
++}
++
++
++const struct crypto_bignum * crypto_ec_get_b(struct crypto_ec *e)
++{
++	return (const struct crypto_bignum *) &e->b;
++}
++
++
+ void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear)
+ {
+ 	ecc_point *point = (ecc_point *) p;
+-- 
+2.25.1
+
+From 2232d3d5f188b65dbb6c823ac62175412739eb16 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 7 Jan 2022 13:47:16 +0200
+Subject: [PATCH 2/4] dragonfly: Add sqrt() helper function
+
+This is a backport of "SAE: Move sqrt() implementation into a helper
+function" to introduce the helper function needed for the following
+patches.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/common/dragonfly.c | 34 ++++++++++++++++++++++++++++++++++
+ src/common/dragonfly.h |  2 ++
+ 2 files changed, 36 insertions(+)
+
+diff --git a/src/common/dragonfly.c b/src/common/dragonfly.c
+index 547be66f1561..1e842716668e 100644
+--- a/src/common/dragonfly.c
++++ b/src/common/dragonfly.c
+@@ -213,3 +213,37 @@ int dragonfly_generate_scalar(const struct crypto_bignum *order,
+ 		   "dragonfly: Unable to get randomness for own scalar");
+ 	return -1;
+ }
++
++
++/* res = sqrt(val) */
++int dragonfly_sqrt(struct crypto_ec *ec, const struct crypto_bignum *val,
++		   struct crypto_bignum *res)
++{
++	const struct crypto_bignum *prime;
++	struct crypto_bignum *tmp, *one;
++	int ret = 0;
++	u8 prime_bin[DRAGONFLY_MAX_ECC_PRIME_LEN];
++	size_t prime_len;
++
++	/* For prime p such that p = 3 mod 4, sqrt(w) = w^((p+1)/4) mod p */
++
++	prime = crypto_ec_get_prime(ec);
++	prime_len = crypto_ec_prime_len(ec);
++	tmp = crypto_bignum_init();
++	one = crypto_bignum_init_uint(1);
++
++	if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
++				 prime_len) < 0 ||
++	    (prime_bin[prime_len - 1] & 0x03) != 3 ||
++	    !tmp || !one ||
++	    /* tmp = (p+1)/4 */
++	    crypto_bignum_add(prime, one, tmp) < 0 ||
++	    crypto_bignum_rshift(tmp, 2, tmp) < 0 ||
++	    /* res = sqrt(val) */
++	    crypto_bignum_exptmod(val, tmp, prime, res) < 0)
++		ret = -1;
++
++	crypto_bignum_deinit(tmp, 0);
++	crypto_bignum_deinit(one, 0);
++	return ret;
++}
+diff --git a/src/common/dragonfly.h b/src/common/dragonfly.h
+index ec3dd593eda4..84d67f575c54 100644
+--- a/src/common/dragonfly.h
++++ b/src/common/dragonfly.h
+@@ -27,5 +27,7 @@ int dragonfly_generate_scalar(const struct crypto_bignum *order,
+ 			      struct crypto_bignum *_rand,
+ 			      struct crypto_bignum *_mask,
+ 			      struct crypto_bignum *scalar);
++int dragonfly_sqrt(struct crypto_ec *ec, const struct crypto_bignum *val,
++		   struct crypto_bignum *res);
+ 
+ #endif /* DRAGONFLY_H */
+-- 
+2.25.1
+
+From fe534b0baaa8c0e6ddeb24cf529d6e50e33dc501 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 7 Jan 2022 13:47:16 +0200
+Subject: [PATCH 3/4] SAE: Derive the y coordinate for PWE with own
+ implementation
+
+The crypto_ec_point_solve_y_coord() wrapper function might not use
+constant time operations in the crypto library and as such, could leak
+side channel information about the password that is used to generate the
+PWE in the hunting and pecking loop. As such, calculate the two possible
+y coordinate values and pick the correct one to use with constant time
+selection.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/common/sae.c | 47 +++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 33 insertions(+), 14 deletions(-)
+
+diff --git a/src/common/sae.c b/src/common/sae.c
+index 08fdbfd18173..8d79ed962768 100644
+--- a/src/common/sae.c
++++ b/src/common/sae.c
+@@ -286,14 +286,16 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
+ 	int pwd_seed_odd = 0;
+ 	u8 prime[SAE_MAX_ECC_PRIME_LEN];
+ 	size_t prime_len;
+-	struct crypto_bignum *x = NULL, *qr = NULL, *qnr = NULL;
++	struct crypto_bignum *x = NULL, *y = NULL, *qr = NULL, *qnr = NULL;
+ 	u8 x_bin[SAE_MAX_ECC_PRIME_LEN];
+ 	u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];
+ 	u8 qr_bin[SAE_MAX_ECC_PRIME_LEN];
+ 	u8 qnr_bin[SAE_MAX_ECC_PRIME_LEN];
++	u8 x_y[2 * SAE_MAX_ECC_PRIME_LEN];
+ 	int res = -1;
+ 	u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
+ 		       * mask */
++	unsigned int is_eq;
+ 
+ 	os_memset(x_bin, 0, sizeof(x_bin));
+ 
+@@ -402,25 +404,42 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
+ 		goto fail;
+ 	}
+ 
+-	if (!sae->tmp->pwe_ecc)
+-		sae->tmp->pwe_ecc = crypto_ec_point_init(sae->tmp->ec);
+-	if (!sae->tmp->pwe_ecc)
+-		res = -1;
+-	else
+-		res = crypto_ec_point_solve_y_coord(sae->tmp->ec,
+-						    sae->tmp->pwe_ecc, x,
+-						    pwd_seed_odd);
+-	if (res < 0) {
+-		/*
+-		 * This should not happen since we already checked that there
+-		 * is a result.
+-		 */
++	/* y = sqrt(x^3 + ax + b) mod p
++	 * if LSB(save) == LSB(y): PWE = (x, y)
++	 * else: PWE = (x, p - y)
++	 *
++	 * Calculate y and the two possible values for PWE and after that,
++	 * use constant time selection to copy the correct alternative.
++	 */
++	y = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x);
++	if (!y ||
++	    dragonfly_sqrt(sae->tmp->ec, y, y) < 0 ||
++	    crypto_bignum_to_bin(y, x_y, SAE_MAX_ECC_PRIME_LEN,
++				 prime_len) < 0 ||
++	    crypto_bignum_sub(sae->tmp->prime, y, y) < 0 ||
++	    crypto_bignum_to_bin(y, x_y + SAE_MAX_ECC_PRIME_LEN,
++				 SAE_MAX_ECC_PRIME_LEN, prime_len) < 0) {
+ 		wpa_printf(MSG_DEBUG, "SAE: Could not solve y");
++		goto fail;
++	}
++
++	is_eq = const_time_eq(pwd_seed_odd, x_y[prime_len - 1] & 0x01);
++	const_time_select_bin(is_eq, x_y, x_y + SAE_MAX_ECC_PRIME_LEN,
++			      prime_len, x_y + prime_len);
++	os_memcpy(x_y, x_bin, prime_len);
++	wpa_hexdump_key(MSG_DEBUG, "SAE: PWE", x_y, 2 * prime_len);
++	crypto_ec_point_deinit(sae->tmp->pwe_ecc, 1);
++	sae->tmp->pwe_ecc = crypto_ec_point_from_bin(sae->tmp->ec, x_y);
++	if (!sae->tmp->pwe_ecc) {
++		wpa_printf(MSG_DEBUG, "SAE: Could not generate PWE");
++		res = -1;
+ 	}
+ 
+ fail:
++	forced_memzero(x_y, sizeof(x_y));
+ 	crypto_bignum_deinit(qr, 0);
+ 	crypto_bignum_deinit(qnr, 0);
++	crypto_bignum_deinit(y, 1);
+ 	os_free(dummy_password);
+ 	bin_clear_free(tmp_password, password_len);
+ 	crypto_bignum_deinit(x, 1);
+-- 
+2.25.1
+
+From 603cd880e7f90595482658a7136fa6a7be5cb485 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 7 Jan 2022 18:52:27 +0200
+Subject: [PATCH 4/4] EAP-pwd: Derive the y coordinate for PWE with own
+ implementation
+
+The crypto_ec_point_solve_y_coord() wrapper function might not use
+constant time operations in the crypto library and as such, could leak
+side channel information about the password that is used to generate the
+PWE in the hunting and pecking loop. As such, calculate the two possible
+y coordinate values and pick the correct one to use with constant time
+selection.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/eap_common/eap_pwd_common.c | 46 ++++++++++++++++++++++++++-------
+ 1 file changed, 36 insertions(+), 10 deletions(-)
+
+diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
+index 2b2b8efdbd01..ff22b29b087a 100644
+--- a/src/eap_common/eap_pwd_common.c
++++ b/src/eap_common/eap_pwd_common.c
+@@ -127,7 +127,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
+ 	u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN];
+ 	u8 x_bin[MAX_ECC_PRIME_LEN];
+ 	u8 prime_bin[MAX_ECC_PRIME_LEN];
+-	struct crypto_bignum *tmp2 = NULL;
++	u8 x_y[2 * MAX_ECC_PRIME_LEN];
++	struct crypto_bignum *tmp2 = NULL, *y = NULL;
+ 	struct crypto_hash *hash;
+ 	unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr;
+ 	int ret = 0, res;
+@@ -139,6 +140,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
+ 	u8 found_ctr = 0, is_odd = 0;
+ 	int cmp_prime;
+ 	unsigned int in_range;
++	unsigned int is_eq;
+ 
+ 	if (grp->pwe)
+ 		return -1;
+@@ -151,11 +153,6 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
+ 	if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
+ 				 primebytelen) < 0)
+ 		return -1;
+-	grp->pwe = crypto_ec_point_init(grp->group);
+-	if (!grp->pwe) {
+-		wpa_printf(MSG_INFO, "EAP-pwd: unable to create bignums");
+-		goto fail;
+-	}
+ 
+ 	if ((prfbuf = os_malloc(primebytelen)) == NULL) {
+ 		wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf "
+@@ -261,10 +258,37 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
+ 	 */
+ 	crypto_bignum_deinit(x_candidate, 1);
+ 	x_candidate = crypto_bignum_init_set(x_bin, primebytelen);
+-	if (!x_candidate ||
+-	    crypto_ec_point_solve_y_coord(grp->group, grp->pwe, x_candidate,
+-					  is_odd) != 0) {
+-		wpa_printf(MSG_INFO, "EAP-pwd: Could not solve for y");
++	if (!x_candidate)
++		goto fail;
++
++	/* y = sqrt(x^3 + ax + b) mod p
++	 * if LSB(y) == LSB(pwd-seed): PWE = (x, y)
++	 * else: PWE = (x, p - y)
++	 *
++	 * Calculate y and the two possible values for PWE and after that,
++	 * use constant time selection to copy the correct alternative.
++	 */
++	y = crypto_ec_point_compute_y_sqr(grp->group, x_candidate);
++	if (!y ||
++	    dragonfly_sqrt(grp->group, y, y) < 0 ||
++	    crypto_bignum_to_bin(y, x_y, MAX_ECC_PRIME_LEN, primebytelen) < 0 ||
++	    crypto_bignum_sub(prime, y, y) < 0 ||
++	    crypto_bignum_to_bin(y, x_y + MAX_ECC_PRIME_LEN,
++				 MAX_ECC_PRIME_LEN, primebytelen) < 0) {
++		wpa_printf(MSG_DEBUG, "SAE: Could not solve y");
++		goto fail;
++	}
++
++	/* Constant time selection of the y coordinate from the two
++	 * options */
++	is_eq = const_time_eq(is_odd, x_y[primebytelen - 1] & 0x01);
++	const_time_select_bin(is_eq, x_y, x_y + MAX_ECC_PRIME_LEN,
++			      primebytelen, x_y + primebytelen);
++	os_memcpy(x_y, x_bin, primebytelen);
++	wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: PWE", x_y, 2 * primebytelen);
++	grp->pwe = crypto_ec_point_from_bin(grp->group, x_y);
++	if (!grp->pwe) {
++		wpa_printf(MSG_DEBUG, "EAP-pwd: Could not generate PWE");
+ 		goto fail;
+ 	}
+ 
+@@ -289,6 +313,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
+ 	/* cleanliness and order.... */
+ 	crypto_bignum_deinit(x_candidate, 1);
+ 	crypto_bignum_deinit(tmp2, 1);
++	crypto_bignum_deinit(y, 1);
+ 	crypto_bignum_deinit(qr, 1);
+ 	crypto_bignum_deinit(qnr, 1);
+ 	bin_clear_free(prfbuf, primebytelen);
+@@ -296,6 +321,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
+ 	os_memset(qnr_bin, 0, sizeof(qnr_bin));
+ 	os_memset(qr_or_qnr_bin, 0, sizeof(qr_or_qnr_bin));
+ 	os_memset(pwe_digest, 0, sizeof(pwe_digest));
++	forced_memzero(x_y, sizeof(x_y));
+ 
+ 	return ret;
+ }
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index cddcfb6811..a8fb34b1a1 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -33,6 +33,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz  \
            file://CVE-2021-0326.patch \
            file://CVE-2021-27803.patch \
            file://CVE-2021-30004.patch \
+           file://CVE-2022-23303-4.patch \
           "
 SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190"
 SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17"
-- 
2.25.1

[OE-core][dunfell 06/20] lighttpd: backport a fix for CVE-2022-22707

[Steve Sakoman]

From: Ross Burton <ross@burtonini.com>

Backport the fix for CVE-2022-22707, a buffer overflow in mod_extforward.

(From OE-Core rev: d54d7e7b43da621be8e6fcca34feb7b3d49b8160)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7758596613cc442f647fd4625b36532f30e6129f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7695d11dd09b1e9e87d6741135d0b28e82672f0a)
Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com>
Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ix-out-of-bounds-OOB-write-fixes-313.patch | 100 ++++++++++++++++++
 .../lighttpd/lighttpd_1.4.55.bb               |   1 +
 2 files changed, 101 insertions(+)
 create mode 100644 meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch

diff --git a/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch b/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
new file mode 100644
index 0000000000..da59b7297a
--- /dev/null
+++ b/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
@@ -0,0 +1,100 @@
+From 27103f3f8b1a2857aa45b889e775435f7daf141f Mon Sep 17 00:00:00 2001
+From: povcfe <povcfe@qq.com>
+Date: Wed, 5 Jan 2022 11:11:09 +0000
+Subject: [PATCH] [mod_extforward] fix out-of-bounds (OOB) write (fixes #3134)
+
+(thx povcfe)
+
+(edited: gstrauss)
+
+There is a potential remote denial of service in lighttpd mod_extforward
+under specific, non-default and uncommon 32-bit lighttpd mod_extforward
+configurations.
+
+Under specific, non-default and uncommon lighttpd mod_extforward
+configurations, a remote attacker can trigger a 4-byte out-of-bounds
+write of value '-1' to the stack. This is not believed to be exploitable
+in any way beyond triggering a crash of the lighttpd server on systems
+where the lighttpd server has been built 32-bit and with compiler flags
+which enable a stack canary -- gcc/clang -fstack-protector-strong or
+-fstack-protector-all, but bug not visible with only -fstack-protector.
+
+With standard lighttpd builds using -O2 optimization on 64-bit x86_64,
+this bug has not been observed to cause adverse behavior, even with
+gcc/clang -fstack-protector-strong.
+
+For the bug to be reachable, the user must be using a non-default
+lighttpd configuration which enables mod_extforward and configures
+mod_extforward to accept and parse the "Forwarded" header from a trusted
+proxy. At this time, support for RFC7239 Forwarded is not common in CDN
+providers or popular web server reverse proxies. It bears repeating that
+for the user to desire to configure lighttpd mod_extforward to accept
+"Forwarded", the user must also be using a trusted proxy (in front of
+lighttpd) which understands and actively modifies the "Forwarded" header
+sent to lighttpd.
+
+lighttpd natively supports RFC7239 "Forwarded"
+hiawatha natively supports RFC7239 "Forwarded"
+
+nginx can be manually configured to add a "Forwarded" header
+https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
+
+A 64-bit build of lighttpd on x86_64 (not known to be affected by bug)
+in front of another 32-bit lighttpd will detect and reject a malicious
+"Forwarded" request header, thereby thwarting an attempt to trigger
+this bug in an upstream 32-bit lighttpd.
+
+The following servers currently do not natively support RFC7239 Forwarded:
+nginx
+apache2
+caddy
+node.js
+haproxy
+squid
+varnish-cache
+litespeed
+
+Given the general dearth of support for RFC7239 Forwarded in popular
+CDNs and web server reverse proxies, and given the prerequisites in
+lighttpd mod_extforward needed to reach this bug, the number of lighttpd
+servers vulnerable to this bug is estimated to be vanishingly small.
+Large systems using reverse proxies are likely running 64-bit lighttpd,
+which is not known to be adversely affected by this bug.
+
+In the future, it is desirable for more servers to implement RFC7239
+Forwarded.  lighttpd developers would like to thank povcfe for reporting
+this bug so that it can be fixed before more CDNs and web servers
+implement RFC7239 Forwarded.
+
+x-ref:
+  "mod_extforward plugin has out-of-bounds (OOB) write of 4-byte -1"
+  https://redmine.lighttpd.net/issues/3134
+  (not yet written or published)
+  CVE-2022-22707
+
+Upstream-Status: Backport
+CVE: CVE-2022-22707
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com>
+Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
+---
+ src/mod_extforward.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mod_extforward.c b/src/mod_extforward.c
+index ba957e04..fdaef7f6 100644
+--- a/src/mod_extforward.c
++++ b/src/mod_extforward.c
+@@ -715,7 +715,7 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
+         while (s[i] == ' ' || s[i] == '\t') ++i;
+         if (s[i] == ';') { ++i; continue; }
+         if (s[i] == ',') {
+-            if (j >= (int)(sizeof(offsets)/sizeof(int))) break;
++            if (j >= (int)(sizeof(offsets)/sizeof(int))-1) break;
+             offsets[++j] = -1; /*("offset" separating params from next proxy)*/
+             ++i;
+             continue;
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb
index 737d6ebf7c..357a269015 100644
--- a/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb
+++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb
@@ -14,6 +14,7 @@ RRECOMMENDS_${PN} = "lighttpd-module-access \
                      lighttpd-module-accesslog"
 
 SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
+        file://0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch \
         file://index.html.lighttpd \
         file://lighttpd.conf \
         file://lighttpd \
-- 
2.25.1

[OE-core][dunfell 07/20] binutils: Fix CVE-2021-45078

[Steve Sakoman]

From: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=161e87d12167b1e36193385485c1f6ce92f74f02]
(From OE-Core rev: be665a2279795c522cb3e3e700ea747efd885f95)

Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 823d25f5218836fb4298482366fbc5d05d822907)
Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com>
Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.34.inc                |   1 +
 .../binutils/0001-CVE-2021-45078.patch        | 257 ++++++++++++++++++
 2 files changed, 258 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc b/meta/recipes-devtools/binutils/binutils-2.34.inc
index 903b9d7b01..6a55de2d45 100644
--- a/meta/recipes-devtools/binutils/binutils-2.34.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
@@ -51,5 +51,6 @@ SRC_URI = "\
      file://CVE-2021-3487.patch \
      file://CVE-2021-3549.patch \
      file://CVE-2020-16593.patch \
+     file://0001-CVE-2021-45078.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch b/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch
new file mode 100644
index 0000000000..2af82477ac
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch
@@ -0,0 +1,257 @@
+From 161e87d12167b1e36193385485c1f6ce92f74f02 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 15 Dec 2021 11:48:42 +1030
+Subject: [PATCH] PR28694, Out-of-bounds write in stab_xcoff_builtin_type
+
+	PR 28694
+	* stabs.c (stab_xcoff_builtin_type): Make typenum unsigned.
+	Negate typenum earlier, simplifying bounds checking.  Correct
+	off-by-one indexing.  Adjust switch cases.
+
+
+CVE: CVE-2021-45078
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=161e87d12167b1e36193385485c1f6ce92f74f02]
+
+Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>
+Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com>
+Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
+---
+ binutils/stabs.c | 87 ++++++++++++++++++++++++------------------------
+ 1 file changed, 43 insertions(+), 44 deletions(-)
+
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 274bfb0e7fa..83ee3ea5fa4 100644
+--- a/binutils/stabs.c
++++ b/binutils/stabs.c
+@@ -202,7 +202,7 @@ static debug_type stab_find_type (void *, struct stab_handle *, const int *);
+ static bfd_boolean stab_record_type
+   (void *, struct stab_handle *, const int *, debug_type);
+ static debug_type stab_xcoff_builtin_type
+-  (void *, struct stab_handle *, int);
++  (void *, struct stab_handle *, unsigned int);
+ static debug_type stab_find_tagged_type
+   (void *, struct stab_handle *, const char *, int, enum debug_type_kind);
+ static debug_type *stab_demangle_argtypes
+@@ -3496,166 +3496,167 @@ stab_record_type (void *dhandle ATTRIBUTE_UNUSED, struct stab_handle *info,
+ 
+ static debug_type
+ stab_xcoff_builtin_type (void *dhandle, struct stab_handle *info,
+-			 int typenum)
++			 unsigned int typenum)
+ {
+   debug_type rettype;
+   const char *name;
+ 
+-  if (typenum >= 0 || typenum < -XCOFF_TYPE_COUNT)
++  typenum = -typenum - 1;
++  if (typenum >= XCOFF_TYPE_COUNT)
+     {
+-      fprintf (stderr, _("Unrecognized XCOFF type %d\n"), typenum);
++      fprintf (stderr, _("Unrecognized XCOFF type %d\n"), -typenum - 1);
+       return DEBUG_TYPE_NULL;
+     }
+-  if (info->xcoff_types[-typenum] != NULL)
+-    return info->xcoff_types[-typenum];
++  if (info->xcoff_types[typenum] != NULL)
++    return info->xcoff_types[typenum];
+ 
+-  switch (-typenum)
++  switch (typenum)
+     {
+-    case 1:
++    case 0:
+       /* The size of this and all the other types are fixed, defined
+ 	 by the debugging format.  */
+       name = "int";
+       rettype = debug_make_int_type (dhandle, 4, FALSE);
+       break;
+-    case 2:
++    case 1:
+       name = "char";
+       rettype = debug_make_int_type (dhandle, 1, FALSE);
+       break;
+-    case 3:
++    case 2:
+       name = "short";
+       rettype = debug_make_int_type (dhandle, 2, FALSE);
+       break;
+-    case 4:
++    case 3:
+       name = "long";
+       rettype = debug_make_int_type (dhandle, 4, FALSE);
+       break;
+-    case 5:
++    case 4:
+       name = "unsigned char";
+       rettype = debug_make_int_type (dhandle, 1, TRUE);
+       break;
+-    case 6:
++    case 5:
+       name = "signed char";
+       rettype = debug_make_int_type (dhandle, 1, FALSE);
+       break;
+-    case 7:
++    case 6:
+       name = "unsigned short";
+       rettype = debug_make_int_type (dhandle, 2, TRUE);
+       break;
+-    case 8:
++    case 7:
+       name = "unsigned int";
+       rettype = debug_make_int_type (dhandle, 4, TRUE);
+       break;
+-    case 9:
++    case 8:
+       name = "unsigned";
+       rettype = debug_make_int_type (dhandle, 4, TRUE);
+       break;
+-    case 10:
++    case 9:
+       name = "unsigned long";
+       rettype = debug_make_int_type (dhandle, 4, TRUE);
+       break;
+-    case 11:
++    case 10:
+       name = "void";
+       rettype = debug_make_void_type (dhandle);
+       break;
+-    case 12:
++    case 11:
+       /* IEEE single precision (32 bit).  */
+       name = "float";
+       rettype = debug_make_float_type (dhandle, 4);
+       break;
+-    case 13:
++    case 12:
+       /* IEEE double precision (64 bit).  */
+       name = "double";
+       rettype = debug_make_float_type (dhandle, 8);
+       break;
+-    case 14:
++    case 13:
+       /* This is an IEEE double on the RS/6000, and different machines
+ 	 with different sizes for "long double" should use different
+ 	 negative type numbers.  See stabs.texinfo.  */
+       name = "long double";
+       rettype = debug_make_float_type (dhandle, 8);
+       break;
+-    case 15:
++    case 14:
+       name = "integer";
+       rettype = debug_make_int_type (dhandle, 4, FALSE);
+       break;
+-    case 16:
++    case 15:
+       name = "boolean";
+       rettype = debug_make_bool_type (dhandle, 4);
+       break;
+-    case 17:
++    case 16:
+       name = "short real";
+       rettype = debug_make_float_type (dhandle, 4);
+       break;
+-    case 18:
++    case 17:
+       name = "real";
+       rettype = debug_make_float_type (dhandle, 8);
+       break;
+-    case 19:
++    case 18:
+       /* FIXME */
+       name = "stringptr";
+       rettype = NULL;
+       break;
+-    case 20:
++    case 19:
+       /* FIXME */
+       name = "character";
+       rettype = debug_make_int_type (dhandle, 1, TRUE);
+       break;
+-    case 21:
++    case 20:
+       name = "logical*1";
+       rettype = debug_make_bool_type (dhandle, 1);
+       break;
+-    case 22:
++    case 21:
+       name = "logical*2";
+       rettype = debug_make_bool_type (dhandle, 2);
+       break;
+-    case 23:
++    case 22:
+       name = "logical*4";
+       rettype = debug_make_bool_type (dhandle, 4);
+       break;
+-    case 24:
++    case 23:
+       name = "logical";
+       rettype = debug_make_bool_type (dhandle, 4);
+       break;
+-    case 25:
++    case 24:
+       /* Complex type consisting of two IEEE single precision values.  */
+       name = "complex";
+       rettype = debug_make_complex_type (dhandle, 8);
+       break;
+-    case 26:
++    case 25:
+       /* Complex type consisting of two IEEE double precision values.  */
+       name = "double complex";
+       rettype = debug_make_complex_type (dhandle, 16);
+       break;
+-    case 27:
++    case 26:
+       name = "integer*1";
+       rettype = debug_make_int_type (dhandle, 1, FALSE);
+       break;
+-    case 28:
++    case 27:
+       name = "integer*2";
+       rettype = debug_make_int_type (dhandle, 2, FALSE);
+       break;
+-    case 29:
++    case 28:
+       name = "integer*4";
+       rettype = debug_make_int_type (dhandle, 4, FALSE);
+       break;
+-    case 30:
++    case 29:
+       /* FIXME */
+       name = "wchar";
+       rettype = debug_make_int_type (dhandle, 2, FALSE);
+       break;
+-    case 31:
++    case 30:
+       name = "long long";
+       rettype = debug_make_int_type (dhandle, 8, FALSE);
+       break;
+-    case 32:
++    case 31:
+       name = "unsigned long long";
+       rettype = debug_make_int_type (dhandle, 8, TRUE);
+       break;
+-    case 33:
++    case 32:
+       name = "logical*8";
+       rettype = debug_make_bool_type (dhandle, 8);
+       break;
+-    case 34:
++    case 33:
+       name = "integer*8";
+       rettype = debug_make_int_type (dhandle, 8, FALSE);
+       break;
+@@ -3664,9 +3665,7 @@ stab_xcoff_builtin_type (void *dhandle, struct stab_handle *info,
+     }
+ 
+   rettype = debug_name_type (dhandle, name, rettype);
+-
+-  info->xcoff_types[-typenum] = rettype;
+-
++  info->xcoff_types[typenum] = rettype;
+   return rettype;
+ }
+ 
+-- 
+2.27.0
+
-- 
2.25.1

[OE-core][dunfell 08/20] freetype: add missing CVE tag CVE-2020-15999

[Steve Sakoman]

From: Purushottam Choudhary <purushottamchoudhary29@gmail.com>

Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com>
Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../freetype/0001-sfnt-Fix-heap-buffer-overflow-59308.patch    | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-graphics/freetype/freetype/0001-sfnt-Fix-heap-buffer-overflow-59308.patch b/meta/recipes-graphics/freetype/freetype/0001-sfnt-Fix-heap-buffer-overflow-59308.patch
index fa8a29b798..31f9e32dc2 100644
--- a/meta/recipes-graphics/freetype/freetype/0001-sfnt-Fix-heap-buffer-overflow-59308.patch
+++ b/meta/recipes-graphics/freetype/freetype/0001-sfnt-Fix-heap-buffer-overflow-59308.patch
@@ -6,10 +6,13 @@ Subject: [PATCH] [sfnt] Fix heap buffer overflow (#59308).
 This is CVE-2020-15999.
 
 * src/sfnt/pngshim.c (Load_SBit_Png): Test bitmap size earlier.
+CVE: CVE-2020-15999
 
 Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd]
 
 Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
+Signed-off-by: Purushottam Choudhary <purushottam.choudhary@kpit.com>
+Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
 ---
  src/sfnt/pngshim.c | 14 +++++++-------
  1 file changed, 7 insertions(+), 7 deletions(-)
-- 
2.25.1

[OE-core][dunfell 09/20] cve-check: create directory of CVE_CHECK_MANIFEST before copy

[Steve Sakoman]

From: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>

Create directory of the CVE_CHECK_MANIFEST variable before copy to it,
so that the variable can use an arbitrary directory name.

Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9829c16301bf2dce39fa046401a984f112fa0322)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 6eecbdbf13..6b627464a0 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -143,6 +143,7 @@ python cve_check_write_rootfs_manifest () {
         manifest_name = d.getVar("CVE_CHECK_MANIFEST")
         cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
 
+        bb.utils.mkdirhier(os.path.dirname(manifest_name))
         shutil.copyfile(cve_tmp_file, manifest_name)
 
         if manifest_name and os.path.exists(manifest_name):
-- 
2.25.1

[OE-core][dunfell 10/20] recipetool: Fix circular reference in SRC_URI

[Steve Sakoman]

From: Saul Wold <Saul.Wold@windriver.com>

When creating a new recipe.bb file for a binary, don't use BP which
includes the version information, instead use BPN which is just the
name base Package Name.

Since PB is not specified, it takes the default:
PV = "1.0+git${SRCPV}"

But SRCPV is defined in terms of the SRC_URI, which leads to infinite
recursion (traceback below). Here are the pertinent variables which
cause the recursion:

SRC_URI = "git://github.com/lvc/abi-dumper;protocol=https;subdir=${BP}"
BP = "${BPN}-${PV}"
PV = "1.0+git${SRCPV}"
SRCPV = "${@bb.fetch2.get_srcrev(d)}"

def get_srcrev(d, method_name='sortable_revision'):
    # ... trimmed
    scms = []
    fetcher = Fetch(d.getVar('SRC_URI').split(), d)
    # ... trimmed

[YOCTO #14040]

Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3b8d43fc53ee13d39abc3b2a1f706a97fcf752aa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/lib/recipetool/create.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 5b6ac12a92..798cb0cefe 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -435,7 +435,7 @@ def create_recipe(args):
         if args.binary:
             # Assume the archive contains the directory structure verbatim
             # so we need to extract to a subdirectory
-            fetchuri += ';subdir=${BP}'
+            fetchuri += ';subdir=${BPN}'
         srcuri = fetchuri
         rev_re = re.compile(';rev=([^;]+)')
         res = rev_re.search(srcuri)
-- 
2.25.1

[OE-core][dunfell 11/20] devtool: deploy-target: Remove stripped binaries in pseudo context

[Steve Sakoman]

From: Florian Amstutz <florian.amstutz@scs.ch>

deploy-target may fail the second time with "pseudo abort" because
devtool-deploy-target-stripped is deleted outside of pseudo's fakeroot
context.

Signed-off-by: Florian Amstutz <florian.amstutz@scs.ch>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2338a33b690b0bbe279cde3f73764911b239cb50)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/lib/devtool/deploy.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/lib/devtool/deploy.py b/scripts/lib/devtool/deploy.py
index d802b22e8f..e0f8e64b9c 100644
--- a/scripts/lib/devtool/deploy.py
+++ b/scripts/lib/devtool/deploy.py
@@ -170,7 +170,7 @@ def deploy(args, config, basepath, workspace):
             srcdir = recipe_outdir
             recipe_outdir = os.path.join(rd.getVar('WORKDIR'), 'devtool-deploy-target-stripped')
             if os.path.isdir(recipe_outdir):
-                bb.utils.remove(recipe_outdir, True)
+                exec_fakeroot(rd, "rm -rf %s" % recipe_outdir, shell=True)
             exec_fakeroot(rd, "cp -af %s %s" % (os.path.join(srcdir, '.'), recipe_outdir), shell=True)
             os.environ['PATH'] = ':'.join([os.environ['PATH'], rd.getVar('PATH') or ''])
             oe.package.strip_execs(args.recipename, recipe_outdir, rd.getVar('STRIP'), rd.getVar('libdir'),
-- 
2.25.1

[OE-core][dunfell 12/20] rpm: fix intermittent compression failure in do_package_write_rpm

[Steve Sakoman]

From: "bkylerussell@gmail.com" <bkylerussell@gmail.com>

rpmbuild can start processing random memory when processing the value
provided by XZ_THREADS, and unintentionally disable encoding for a
file descriptor that in fact requires encoding to be enabled in order
for lzwrite() to actually create an rpm.

  *** Fdopen(0x7f2030002b30,w6T16.xzdio)  | fdio 23 fp (nil)
  ==>     lzopen_internal("w6T16", 23, 1)
  ==>     lzopen_internal set encoding
  ==>     lzopen_internal clear encoding
  ==> Fdopen(0x7f2030002b30,"w6T16.xzdio") returns fd 0x7f2030002b30      | xzdio 0x7f2030004e30 fp 23 | fdio -1 fp (nil)
  ==>     lzwrite(0x7f2030004e30, 0x7f20789d8070, 6) encoding 0
  ==>     Fwrite(0x7f2030002b30,0x7f20789d8070,6) rc -1   | xzdio 0x7f2030004e30 fp 23 | fdio -1 fp (nil)
  error: create archive failed: cpio: write

When the encoding bit gets cleared on the LZFILE* struct, lzwrite() then
rightfully complains when it detects !lzfile->encoding, which then gets
bubbled up as a write failure when we go to create the archive.

This fix is available in the rpm 4.17-release.

Signed-off-by: Kyle Russell <bkylerussell@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ..._internal-mode-parsing-when-Tn-is-us.patch | 34 +++++++++++++++++++
 meta/recipes-devtools/rpm/rpm_4.14.2.1.bb     |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch

diff --git a/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch b/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch
new file mode 100644
index 0000000000..9a5ebb9115
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch
@@ -0,0 +1,34 @@
+From 405fc8998181353bd510864ca251dc233afec276 Mon Sep 17 00:00:00 2001
+From: Vitaly Chikunov <vt@altlinux.org>
+Date: Wed, 6 Jan 2021 23:43:41 +0300
+Subject: [PATCH] rpmio: Fix lzopen_internal mode parsing when 'Tn' is used
+
+When there is number after "T" (suggested number of threads or "0" for
+getncpus), lzopen_internal() mode parser would skip one byte, and when
+it's at the end of the string it would then parse undesired garbage from
+the memory, making intermittent compression failures.
+
+Fixes: 7740d1098 ("Add support for multithreaded xz compression")
+Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
+
+Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/405fc8998181353bd510864ca251dc233afec276]
+
+---
+ rpmio/rpmio.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c
+index ed1e25140..9d32ec6d9 100644
+--- a/rpmio/rpmio.c
++++ b/rpmio/rpmio.c
+@@ -798,6 +798,7 @@ static LZFILE *lzopen_internal(const char *mode, int fd, int xz)
+ 		 * should've processed
+ 		 * */
+ 		while (isdigit(*++mode));
++		--mode;
+ 	    }
+ #ifdef HAVE_LZMA_MT
+ 	    else
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
index c39a5208e5..376021d913 100644
--- a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
@@ -44,6 +44,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.14.x;protoc
            file://0001-mono-find-provides-requires-do-not-use-monodis-from-.patch \
            file://0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch \
            file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \
+           file://0001-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch \
            file://CVE-2021-3421.patch \
            file://CVE-2021-20266.patch \
            "
-- 
2.25.1

[OE-core][dunfell 13/20] cmake: remove bogus CMAKE_LDFLAGS_FLAGS definition from toolchain file

[Steve Sakoman]

From: Martin Beeger <martin.beeger@online.de>

As discussion in [YOCTO #14717] cmake contains a OEToolchainConfig.cmake
file to configure the toolchain correctly in cross-compile build for recipes
using cmake. The variable CMAKE_LDFLAGS_FLAGS is spelled incorrectly, cmake expects
CMAKE_SHARED_LINKER_FLAGS, CMAKE_STATIC_LINKER_FLAGS, CMAKE_EXE_LINKER_FLAGS and
CMAKE_MODULE_LINKER_FLAGS to be set instead. As cmake already correctly initializes
these from environment there is no need to specify the linker flags in the toolchain
file at all. So this just removes the variable, as its value was also set wrong.

Signed-off-by: Martin Beeger <martin.beeger@online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 52e59a5b37f55905ee693a99f9ffc34ed41b4283)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake b/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake
index 398069eef2..f8af79ddd5 100644
--- a/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake
+++ b/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake
@@ -2,7 +2,6 @@ set( CMAKE_SYSTEM_NAME Linux )
 set( CMAKE_C_FLAGS $ENV{CFLAGS} CACHE STRING "" FORCE )
 set( CMAKE_CXX_FLAGS $ENV{CXXFLAGS}  CACHE STRING "" FORCE )
 set( CMAKE_ASM_FLAGS ${CMAKE_C_FLAGS} CACHE STRING "" FORCE )
-set( CMAKE_LDFLAGS_FLAGS ${CMAKE_CXX_FLAGS} CACHE STRING "" FORCE )
 set( CMAKE_SYSROOT $ENV{OECORE_TARGET_SYSROOT} )
 
 set( CMAKE_FIND_ROOT_PATH $ENV{OECORE_TARGET_SYSROOT} )
-- 
2.25.1

[OE-core][dunfell 14/20] linux-yocto/5.4: update to v5.4.173

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    4aa2e7393e14 Linux 5.4.173
    e245aaefef39 ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN depends on !LD_IS_LLD
    d40f6eeaf513 mtd: fixup CFI on ixp4xx
    1451deb164e1 ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows
    7b98f61b8388 KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all
    5c69ba9e80f0 firmware: qemu_fw_cfg: fix kobject leak in probe error path
    1cc36ed56138 firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
    b543e4141570 firmware: qemu_fw_cfg: fix sysfs information leak
    b25e9ef29d8f rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
    8716657b1b4b media: uvcvideo: fix division by zero at stream start
    70ae85ca124e KVM: s390: Clarify SIGP orders versus STOP/RESTART
    9b45f2007ea3 perf: Protect perf_guest_cbs with RCU
    bd2aed0464ae vfs: fs_context: fix up param length parsing in legacy_parse_param
    c2f067d4ad4a orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
    5d6af67307e8 devtmpfs regression fix: reconfigure on each mount
    c117b116e6b3 kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 9e8281c7a1..8e5a0ae5e0 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "e92d76afe6d8592917c0e7b948912c085e661df2"
-SRCREV_meta ?= "98cce1c95fcc9a26965cbc5f038fd71d53c387c8"
+SRCREV_machine ?= "04f6e2728373decb06b2c159cdf599c8813a7ea2"
+SRCREV_meta ?= "9e6e627445612ea0b6cc514bcdb879de3999f175"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.172"
+LINUX_VERSION ?= "5.4.173"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index a75570df93..53f85c8cd4 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.172"
+LINUX_VERSION ?= "5.4.173"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "10b4756eee78aa43ff9ed64da700ec6e8d97ff22"
-SRCREV_machine ?= "6ab93fdc53b64e146e4f16363375c1beb37b82e4"
-SRCREV_meta ?= "98cce1c95fcc9a26965cbc5f038fd71d53c387c8"
+SRCREV_machine_qemuarm ?= "dd1d37cf1243bb0194f63992294c386b91b883ee"
+SRCREV_machine ?= "149a477216fedee100a2a7c749d7876a5af18c3d"
+SRCREV_meta ?= "9e6e627445612ea0b6cc514bcdb879de3999f175"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 2d7f7559e5..ad22072ddf 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "8de1da3dc354dedef2e435e694eec6d6e72c9822"
-SRCREV_machine_qemuarm64 ?= "eed7c0a64f3a7a91a130bc2e507304dc8b446a31"
-SRCREV_machine_qemumips ?= "996a9660e4fab70db5cecec9c831141cd03c3d36"
-SRCREV_machine_qemuppc ?= "0197cf5754b1bd4eb035c342af9cc27e8c3339ca"
-SRCREV_machine_qemuriscv64 ?= "c6b015510134942076c0e111e56357656acf3dd5"
-SRCREV_machine_qemux86 ?= "c6b015510134942076c0e111e56357656acf3dd5"
-SRCREV_machine_qemux86-64 ?= "c6b015510134942076c0e111e56357656acf3dd5"
-SRCREV_machine_qemumips64 ?= "fe2769a7c268ed224ec70fd2aaab850e4eef70dc"
-SRCREV_machine ?= "c6b015510134942076c0e111e56357656acf3dd5"
-SRCREV_meta ?= "98cce1c95fcc9a26965cbc5f038fd71d53c387c8"
+SRCREV_machine_qemuarm ?= "7d8ca1d1b0891c023c74d79ea39e045d1a794077"
+SRCREV_machine_qemuarm64 ?= "79e8b8d059d36f1c2e7e20e38f883ea8c7381ffa"
+SRCREV_machine_qemumips ?= "bed90b69d8120029e8b362166c11437a257b9fdc"
+SRCREV_machine_qemuppc ?= "e886407de7b10259c99c61f9538af43181f2fec3"
+SRCREV_machine_qemuriscv64 ?= "9d1d023f9d659fd8678f020f3e98d735b27896fb"
+SRCREV_machine_qemux86 ?= "9d1d023f9d659fd8678f020f3e98d735b27896fb"
+SRCREV_machine_qemux86-64 ?= "9d1d023f9d659fd8678f020f3e98d735b27896fb"
+SRCREV_machine_qemumips64 ?= "20b16bf3c848f34be5b747f27c4cfc1237bcefbd"
+SRCREV_machine ?= "9d1d023f9d659fd8678f020f3e98d735b27896fb"
+SRCREV_meta ?= "9e6e627445612ea0b6cc514bcdb879de3999f175"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.172"
+LINUX_VERSION ?= "5.4.173"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1

[OE-core][dunfell 15/20] linux-yocto/5.4: update to v5.4.176

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    2570bb2729c7 Linux 5.4.176
    5e2a4d02252f mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip()
    6cbf4c731d78 block: Fix wrong offset in bio_truncate()
    33a9ba52d5ea fsnotify: invalidate dcache before IN_DELETE event
    b52103cbb659 dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
    e913171594ea ipv4: remove sparse error in ip_neigh_gw4()
    c30ecdba9e5a ipv4: tcp: send zero IPID in SYNACK messages
    51dde4ae5a37 ipv4: raw: lock the socket in raw_bind()
    2d334469c29e net: hns3: handle empty unknown interrupt for VF
    7afc09c8915b yam: fix a memory leak in yam_siocdevprivate()
    51edc483af6c drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
    a15ed3e9887f ibmvnic: don't spin in tasklet
    c09702f43a6a ibmvnic: init ->running_cap_crqs early
    86217a4ebd18 hwmon: (lm90) Mark alert as broken for MAX6654
    18684bb996f3 rxrpc: Adjust retransmission backoff
    f39027cbada4 phylib: fix potential use-after-free
    218cccb52124 net: phy: broadcom: hook up soft_reset for BCM54616S
    0d26470b25d2 netfilter: conntrack: don't increment invalid counter on NF_REPEAT
    abcb9d80a4a5 NFS: Ensure the server has an up to date ctime before renaming
    30965c768217 NFS: Ensure the server has an up to date ctime before hardlinking
    cdfaf8e985f8 ipv6: annotate accesses to fn->fn_sernum
    581317b1f001 drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
    b3e3d584f0f1 drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
    4abd2a7735e1 drm/msm: Fix wrong size calculation
    9f0a6acac4a1 net-procfs: show net devices bound packet types
    4fd45ff2b404 NFSv4: nfs_atomic_open() can race when looking up a non-regular file
    0dfacee40021 NFSv4: Handle case where the lookup of a directory fails
    c27abaa040f3 hwmon: (lm90) Reduce maximum conversion rate for G781
    1f748455a8f0 ipv4: avoid using shared IP generator for connected sockets
    ca5355771ca8 ping: fix the sk_bound_dev_if match in ping_lookup
    0b567a24addc hwmon: (lm90) Mark alert as broken for MAX6680
    b63031651a05 hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
    e372ecd455b6 net: fix information leakage in /proc/net/ptype
    20b7af413153 ipv6_tunnel: Rate limit warning messages
    bf2bd892a0cb scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
    d380beb5e58d rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
    da27b834c1e0 rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
    cb24af19e5a7 i40e: fix unsigned stat widths
    be6998f232b8 i40e: Fix queues reservation for XDP
    b16f1a078d63 i40e: Fix issue when maximum queues is exceeded
    f18aadbdf6ad i40e: Increase delay to 1 s after global EMP reset
    7e94539448ed powerpc/32: Fix boot failure with GCC latent entropy plugin
    ff19d70b665d net: sfp: ignore disabled SFP node
    5ede72d48cab ucsi_ccg: Check DEV_INT bit only when starting CCG4
    3922b6e1c9ea usb: typec: tcpm: Do not disconnect while receiving VBUS off
    9c61fce322ac USB: core: Fix hang in usb_kill_urb by adding memory barriers
    4fc6519bdecb usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
    64e671a22163 usb: common: ulpi: Fix crash in ulpi_match()
    d66dc656c5f9 usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
    a06cba5ad125 tty: Add support for Brainboxes UC cards.
    f5e6c946732a tty: n_gsm: fix SW flow control encoding/handling
    05b330118888 serial: stm32: fix software flow control transfer
    0b92eda2d801 serial: 8250: of: Fix mapped region size when using reg-offset property
    2bf7dee6f423 netfilter: nft_payload: do not update layer 4 checksum when mangling fragments
    a6d588572568 arm64: errata: Fix exec handling in erratum 1418040 workaround
    5cbcd1f5a20a drm/etnaviv: relax submit size limits
    5463cfd83397 fsnotify: fix fsnotify hooks in pseudo filesystems
    1614bd844eef tracing: Don't inc err_log entry count if entry allocation fails
    8a8878ebb596 tracing/histogram: Fix a potential memory leak for kstrdup()
    73578a9b2b72 PM: wakeup: simplify the output logic of pm_show_wakelocks()
    31136e5467f3 udf: Fix NULL ptr deref when converting from inline format
    86bcc670d300 udf: Restore i_lenAlloc when inode expansion fails
    c54445af64ca scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
    4d041e75c4c4 s390/hypfs: include z/VM guests with access control group set
    835d37068525 Bluetooth: refactor malicious adv data check
    7cdf2951f80d Linux 5.4.175
    84b1259fe36a drm/vmwgfx: Fix stale file descriptors on failed usercopy
    16895e4eac36 select: Fix indefinitely sleeping task in poll_schedule_timeout()
    53d5b08d8e98 mmc: sdhci-esdhc-imx: disable CMDQ support
    c3fa7ce43cdd ARM: dts: gpio-ranges property is now required
    75278f1aff5e pinctrl: bcm2835: Change init order for gpio hogs
    0d006bb08d76 pinctrl: bcm2835: Add support for wake-up interrupts
    08fd6274380a pinctrl: bcm2835: Match BCM7211 compatible string
    ac3daf50c150 pinctrl: bcm2835: Add support for all GPIOs on BCM2711
    e5237171117c pinctrl: bcm2835: Refactor platform data
    33e48b5305eb pinctrl: bcm2835: Drop unused define
    75ca9c1d96c7 rcu: Tighten rcu_advance_cbs_nowake() checks
    1b5553c79d52 drm/i915: Flush TLBs before releasing backing store
    411d8da1c843 Linux 5.4.174
    2c9650faa19c Revert "ia64: kprobes: Use generic kretprobe trampoline handler"
    d106693dfd21 mtd: nand: bbt: Fix corner case in bad block table handling
    0c1b20381926 lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test
    a836180fc53a lib82596: Fix IRQ check in sni_82596_probe
    3903f65a5a9f scripts/dtc: dtx_diff: remove broken example from help text
    b0e5b352fe12 dt-bindings: display: meson-vpu: Add missing amlogic,canvas property
    e3e561707c28 dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property
    810d3fac215d net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()
    e81d42e5445a bcmgenet: add WOL IRQ check
    3bd7629eb8b2 net_sched: restore "mpu xxx" handling
    918b3dbf0315 arm64: dts: qcom: msm8996: drop not documented adreno properties
    1e0e01eb2589 dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
    ca48aa7de702 dmaengine: at_xdmac: Fix lld view setting
    0366901b7b02 dmaengine: at_xdmac: Fix concurrency over xfers_list
    d56e1fcb7b5b dmaengine: at_xdmac: Print debug message after realeasing the lock
    7163076f252e dmaengine: at_xdmac: Don't start transactions at tx_submit level
    9fbe8ea8df20 perf script: Fix hex dump character output
    e7e3f9634ae6 libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
    91e58091a6bd gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()
    1e06cb37febe xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
    d6bfcc8d9541 netns: add schedule point in ops_exit_list()
    577d3c5291dc inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
    967ec4b05918 rtc: pxa: fix null pointer dereference
    1623e00e407c net: axienet: increase default TX ring size to 128
    88d7727796a6 net: axienet: fix number of TX ring slots for available check
    d2765d89fe38 net: axienet: limit minimum TX ring size
    2612e3567665 clk: si5341: Fix clock HW provider cleanup
    7a831993a9a8 af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
    fdc1ce979061 f2fs: fix to reserve space for IO align feature
    f852afb6c072 parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
    d25fe9c255b6 net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
    682a1e0ecbda ipv4: avoid quadratic behavior in netns dismantle
    e6669fba04ad bpftool: Remove inclusion of utilities.mak from Makefiles
    9e5a74b6326b powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
    461aedcf68e0 powerpc/cell: Fix clang -Wimplicit-fallthrough warning
    261f9917648e Revert "net/mlx5: Add retry mechanism to the command entry index allocation"
    6926d427941a dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
    d2d453940b62 RDMA/rxe: Fix a typo in opcode name
    1a3f263e05d1 RDMA/hns: Modify the mapping attribute of doorbell to device
    0cb05af4bf87 scsi: core: Show SCMD_LAST in text form
    59c7ff950915 Documentation: fix firewire.rst ABI file path error
    dafbd79e423e Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
    2ecbe50b2b8e Documentation: ACPI: Fix data node reference documentation
    49daee55004b Documentation: dmaengine: Correctly describe dmatest with channel unset
    05594394dc27 media: rcar-csi2: Optimize the selection PHTW register
    547ea2d23ec6 firmware: Update Kconfig help text for Google firmware
    515ca9f56833 of: base: Improve argument length mismatch error
    227afbfe47b5 drm/radeon: fix error handling in radeon_driver_open_kms
    d820cb636563 ext4: don't use the orphan list when migrating an inode
    85c121cf17fd ext4: Fix BUG_ON in ext4_bread when write quota data
    b985c8521dac ext4: set csum seed in tmp inode while migrating to extents
    6e23e0bb1a11 ext4: make sure quota gets properly shutdown on error
    86be63aea2b1 ext4: make sure to reset inode lockdep class when quota enabling fails
    e5999c49cd90 btrfs: respect the max size in the header when activating swap file
    85dc4aac7e99 btrfs: check the root node for uptodate before returning it
    eeec77bb53a5 btrfs: fix deadlock between quota enable and other quota operations
    e89514082668 xfrm: fix policy lookup for ipv6 gre packets
    09af149541d9 PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
    e904b46073a1 PCI: pci-bridge-emul: Correctly set PCIe capabilities
    ab57ac7299e2 PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space
    db531b57cb50 drm/bridge: analogix_dp: Make PSR-exit block less
    17d492d39e17 drm/nouveau/kms/nv04: use vzalloc for nv04_display
    0d0e56a1a945 drm/etnaviv: limit submit sizes
    72a953efcbd6 s390/mm: fix 2KB pgtable release race
    da4e1facccc7 iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
    11604a3a6bed tracing/kprobes: 'nmissed' not showed correctly for kretprobe
    ae2e0b2f2ba3 cputime, cpuacct: Include guest time in user time in cpuacct.stat
    c526d53edd21 serial: Fix incorrect rs485 polarity on uart open
    19a61f92fa6b fuse: Pass correct lend value to filemap_write_and_wait_range()
    8130a1c0bf8a ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
    011024b0f695 crypto: caam - replace this_cpu_ptr with raw_cpu_ptr
    973669290ad3 crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
    0c0fd11c9c77 crypto: omap-aes - Fix broken pm_runtime_and_get() usage
    b728b5295d1b rpmsg: core: Clean up resources on announce_create failure.
    9e2c8bd78488 power: bq25890: Enable continuous conversion for ADC at charging
    f16a5bce3fd3 ASoC: mediatek: mt8173: fix device_node leak
    5d635c25983e scsi: sr: Don't use GFP_DMA
    1785538d273c MIPS: Octeon: Fix build errors using clang
    bb7d1de681f9 i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
    6abdf6722cd2 MIPS: OCTEON: add put_device() after of_find_device_by_node()
    2a8870f5cb2a powerpc: handle kdump appropriately with crash_kexec_post_notifiers option
    2dbb618e241a ALSA: seq: Set upper limit of processed events
    1ad4f94630c0 scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
    73ed9127b8e8 w1: Misuse of get_user()/put_user() reported by sparse
    b8e5376c273c KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
    aecdb1d24210 powerpc/powermac: Add missing lockdep_register_key()
    2c146cf97bcb clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB
    e441d3cb760b i2c: mpc: Correct I2C reset procedure
    f231d1d22bad powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
    aca56c298e2a i2c: i801: Don't silently correct invalid transfer size
    aea9d368480f powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
    5a3cda54ffd0 powerpc/btext: add missing of_node_put
    fd0135fc6f0a powerpc/cell: add missing of_node_put
    67329fb6a8e2 powerpc/powernv: add missing of_node_put
    5bea763aec17 powerpc/6xx: add missing of_node_put
    ecfe73aec681 parisc: Avoid calling faulthandler_disabled() twice
    5e126f68808c random: do not throw away excess input to crng_fast_load
    8f6cecfff36c serial: core: Keep mctrl register state and cached copy in sync
    6f7bd9f7c893 serial: pl010: Drop CR register reset on set_termios
    c5e156a62744 regulator: qcom_smd: Align probe function with rpmh-regulator
    4a55b02b647e net: gemini: allow any RGMII interface mode
    4bee2316c574 net: phy: marvell: configure RGMII delays for 88E1118
    b3fbe7565f8e dm space map common: add bounds check to sm_ll_lookup_bitmap()
    052f64013701 dm btree: add a defensive bounds check to insert_at()
    aaefb1833309 mac80211: allow non-standard VHT MCS-10/11
    5253794b19f6 net: mdio: Demote probed message to debug print
    8508caebe60e btrfs: remove BUG_ON(!eie) in find_parent_nodes
    7d4f4075e78b btrfs: remove BUG_ON() in find_parent_nodes()
    ba72fa2cb2f2 ACPI: battery: Add the ThinkPad "Not Charging" quirk
    7c366d75a44a drm/amdgpu: fixup bad vram size on gmc v8
    88b5abc0c61d ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
    de85f5861894 ACPICA: Fix wrong interpretation of PCC address
    1fa8e71d0022 ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
    aee78b668ef5 ACPICA: Utilities: Avoid deleting the same object twice in a row
    a4c6cde223d2 ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
    56c308c7302b jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
    c02454b3c85b um: registers: Rename function names to avoid conflicts and build problems
    51b44e9b14a6 iwlwifi: mvm: Fix calculation of frame length
    95017cf0a367 iwlwifi: remove module loading failure message
    0446cafa843e iwlwifi: fix leaks/bad data after failed firmware load
    c8fe499c4565 ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
    46fdba26cdff usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
    8ac2cf0253a5 cpufreq: Fix initialization of min and max frequency QoS requests
    bfcc1e9c2e00 arm64: tegra: Adjust length of CCPLEX cluster MMIO region
    65816c103476 arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus
    dcf1d9f76f71 audit: ensure userspace is penalized the same as the kernel when under pressure
    5cc8a367851b mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
    3a7f37eb2083 media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
    71b6d05db553 media: igorplugusb: receiver overflow should be reported
    1af9e1d4885a HID: quirks: Allow inverting the absolute X/Y values
    75f7885dc257 bpf: Do not WARN in bpf_warn_invalid_xdp_action()
    086181b0ffde net: bonding: debug: avoid printing debug logs when bond is not notifying peers
    fcd7e8ccc437 x86/mce: Mark mce_read_aux() noinstr
    a0d171398dcd x86/mce: Mark mce_end() noinstr
    bca5aa920274 x86/mce: Mark mce_panic() noinstr
    2481ee0ce59c gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
    743911a2bf8b net: phy: prefer 1000baseT over 1000baseKX
    a5d8e6189b13 net-sysfs: update the queue counts in the unregistration path
    d08cc0223a78 ath10k: Fix tx hanging
    054281b3548d iwlwifi: mvm: synchronize with FW after multicast commands
    fe791612afab media: m920x: don't use stack on USB reads
    a821532ce5ec media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
    b867a9c3de09 media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.
    ff867910e87c x86/mm: Flush global TLB when switching to trampoline page-table
    16f2ef98cccf floppy: Add max size check for user space request
    3ad5c9e50263 usb: uhci: add aspeed ast2600 uhci support
    c27a52321190 rsi: Fix out-of-bounds read in rsi_read_pkt()
    51ad4c448611 rsi: Fix use-after-free in rsi_rx_done_handler()
    ae56c5524a75 mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
    4ff69cf3b1c8 HSI: core: Fix return freed object in hsi_new_client
    009d6d9fea8c gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
    50ad94f8654a drm/bridge: megachips: Ensure both bridges are probed before registration
    c640dc459b7e mlxsw: pci: Add shutdown method in PCI driver
    f6b650941942 EDAC/synopsys: Use the quirk for version instead of ddr version
    2134ebc2d0ad media: b2c2: Add missing check in flexcop_pci_isr:
    2933aa510907 HID: apple: Do not reset quirks when the Fn key is not found
    a62523988129 drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
    0cba42c09ac8 usb: gadget: f_fs: Use stream_open() for endpoint files
    c7e4004b38aa batman-adv: allow netlink usage in unprivileged containers
    c93a934f812e ARM: shmobile: rcar-gen2: Add missing of_node_put()
    c9ec3d85c0ee drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
    3642493839af ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
    c7186605d878 drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y
    58cddfe67745 fs: dlm: filter user dlm messages for kernel locks
    fa4ca508c25c Bluetooth: Fix debugfs entry leak in hci_register_dev()
    2b09cb8d92a5 of: base: Fix phandle argument length mismatch error message
    f88ccfb3f2d9 RDMA/cxgb4: Set queue pair state when being queried
    38d97204a24b mips: bcm63xx: add support for clk_set_parent()
    d12b5cfab493 mips: lantiq: add support for clk_set_parent()
    770e92dbc9f6 misc: lattice-ecp3-config: Fix task hung when firmware load failed
    458c253b2577 ASoC: samsung: idma: Check of ioremap return value
    8b894d503ed7 ASoC: mediatek: Check for error clk pointer
    41d2dc9110e0 phy: uniphier-usb3ss: fix unintended writing zeros to PHY register
    dc03527ca12b iommu/iova: Fix race between FQ timeout and teardown
    86233ee4b4b9 dmaengine: pxa/mmp: stop referencing config->slave_id
    741a26cf3134 clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell
    35d7be242cd9 ASoC: rt5663: Handle device_property_read_u32_array error codes
    200f00382f08 RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry
    6314e22a998e RDMA/core: Let ib_find_gid() continue search even after empty entry
    2e89a39fd702 powerpc/powermac: Add additional missing lockdep_register_key()
    9367675e76b8 PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
    27a90275e8f7 scsi: ufs: Fix race conditions related to driver data
    b9b691de3c99 iommu/io-pgtable-arm: Fix table descriptor paddr formatting
    48fc8eebd174 binder: fix handling of error during copy
    f3c2c7f3f884 char/mwave: Adjust io port register size
    e607cd712d5d ALSA: oss: fix compile error when OSS_DEBUG is enabled
    5daf39257079 ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA
    7e2ce332aacc powerpc/prom_init: Fix improper check of prom_getprop()
    506184ded655 clk: imx8mn: Fix imx8mn_clko1_sels
    852f447ce0c1 RDMA/hns: Validate the pkey index
    9927848b1ce5 ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
    79b89d3ab5a9 ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
    86fecb7f50b5 ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
    970d9082043d ext4: avoid trim error on fs with small groups
    2e5f08a5f8b5 net: mcs7830: handle usb read errors properly
    ff09d5951b81 pcmcia: fix setting of kthread task states
    f56b423bce1e can: xilinx_can: xcan_probe(): check for error irq
    58533bbd5cf1 can: softing: softing_startstop(): fix set but not used variable warning
    13af3a9b1ba6 tpm: add request_locality before write TPM_INT_ENABLE
    5d5223beb6e2 spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
    74dd45122b84 net/mlx5: Set command entry semaphore up once got index free
    2b7816b1e90e Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels"
    2f2336ca68b9 net/mlx5e: Don't block routes with nexthop objects in SW
    fca92bb20ced debugfs: lockdown: Allow reading debugfs files that are not world readable
    46541f21de5c HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad
    f6fbc6a0502c HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init
    1f660b3ff5d6 HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc
    3f4823c651bd HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init
    1b7443f4ebf1 Bluetooth: hci_bcm: Check for error irq
    4ceb319006e8 fsl/fman: Check for null pointer after calling devm_ioremap
    e2e1ceb8ca7a staging: greybus: audio: Check null pointer
    b78473575fbe rocker: fix a sleeping in atomic bug
    385b8fe39802 ppp: ensure minimum packet size in ppp_write()
    c7a99af48c55 bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt().
    4e8307203d73 netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
    ad6674562819 pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
    17162e260178 pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
    6cdbf5b6e4cf ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes
    d49992de0077 x86/mce/inject: Avoid out-of-bounds write when setting flags
    a259c73dddb3 bpftool: Enable line buffering for stdout
    eb599bf3bae5 selinux: fix potential memleak in selinux_add_opt()
    8fe5e6ed36a5 mmc: meson-mx-sdio: add IRQ check
    db6eb2f94ad7 ARM: dts: armada-38x: Add generic compatible to UART nodes
    1b10eb460dc1 usb: ftdi-elan: fix memory leak on device disconnect
    3f8edc28c02b ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding
    25dfc85fceeb xfrm: state and policy should fail if XFRMA_IF_ID 0
    b34fadb521c9 xfrm: interface with if_id 0 should return error
    ba7d5b3e33a5 media: hantro: Fix probe func error path
    26cf595abd9a drm/bridge: ti-sn65dsi86: Set max register for regmap
    a6d408452c16 drm/msm/dpu: fix safe status debugfs file
    036fcde6c7d0 media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
    7089b97b46b6 media: msi001: fix possible null-ptr-deref in msi001_probe()
    04691afdbc34 media: dw2102: Fix use after free
    b153346f0ffe ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors
    4c66717867b9 crypto: stm32/cryp - fix lrw chaining mode
    46d85cdd472a crypto: stm32/cryp - fix double pm exit
    17bb09710c6b crypto: stm32/cryp - fix xts and race condition in crypto_engine requests
    fe211ebe8e14 xfrm: fix a small bug in xfrm_sa_len()
    b3e50e041b68 mwifiex: Fix possible ABBA deadlock
    236399a60ec9 rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
    b67881059f8f sched/rt: Try to restart rt period timer when rt runtime exceeded
    a26a338f4df6 media: si2157: Fix "warm" tuner state detection
    dc3b4b60a0d6 media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
    f39bd2900fd4 media: dib8000: Fix a memleak in dib8000_init()
    62bff2a806b0 Bluetooth: btmtksdio: fix resume failure
    80f81e4bcc2a staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib()
    9f49cf5196d9 staging: rtl8192e: return error code from rtllib_softmac_init()
    84e568531b9e floppy: Fix hang in watchdog when disk is ejected
    6a4160c9f2ec serial: amba-pl011: do not request memory region twice
    96591a7e66ba tty: serial: uartlite: allow 64 bit address
    d3aee4338f1d arm64: dts: ti: k3-j721e: Fix the L2 cache sets
    15115464eba2 drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
    46ec86ea0d02 drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
    77af47f26987 ACPI: EC: Rework flushing of EC work while suspended to idle
    f996dab1a846 arm64: dts: qcom: msm8916: fix MMC controller aliases
    54b5ab456e00 netfilter: bridge: add support for pppoe filtering
    04bb89f51cba media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()'
    8034d6c40e43 media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
    f77b90341055 media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
    a3c5386a515f media: imx-pxp: Initialize the spinlock prior to using it
    0410f7ac04b3 media: rcar-csi2: Correct the selection of hsfreqrange
    62866d6542ea tty: serial: atmel: Call dma_async_issue_pending()
    cd867ffa14a8 tty: serial: atmel: Check return code of dmaengine_submit()
    06d6f696873b arm64: dts: ti: k3-j721e: correct cache-sets info
    ac718d92b6dc crypto: qce - fix uaf on qce_ahash_register_one
    be6ee09c9ece media: dmxdev: fix UAF when dvb_register_device() fails
    da0b42d1c3fb tee: fix put order in teedev_close_context()
    24161b9c43de Bluetooth: stop proccessing malicious adv data
    50a981742363 arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
    e48e1d3e0f85 arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
    1221b3adf539 media: aspeed: Update signal status immediately to ensure sane hw state
    15df887c6248 media: em28xx: fix memory leak in em28xx_init_dev
    58f08f024c72 media: aspeed: fix mode-detect always time out at 2nd run
    dc644dd8a00c media: videobuf2: Fix the size printk format
    e51b0099c870 wcn36xx: Release DMA channel descriptor allocations
    2aa2da3fb522 wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
    457b05f39116 clk: bcm-2835: Remove rounding up the dividers
    aac1ed30597c clk: bcm-2835: Pick the closest clock rate
    ba4cc4968917 Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
    141a9a9cae28 drm/rockchip: dsi: Fix unbalanced clock on probe error
    bcd6bfe12be0 drm/panel: innolux-p079zca: Delete panel on attach() failure
    4c255e98aa05 drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
    5cc7480e63a3 drm/rockchip: dsi: Reconfigure hardware on resume()
    0620aabea8d8 drm/rockchip: dsi: Hold pm-runtime across bind/unbind
    6264d0fef906 shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
    9d8fb273d5ee mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages
    7ad300800c43 mm_zone: add function to check if managed dma zone exists
    c4212d52f926 PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
    9e5bb22beb3c dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
    e12f983c4a3c iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
    81a026b9c33d lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
    3cead5b7a88c can: softing_cs: softingcs_probe(): fix memleak on registration failure
    38e28033a56b media: stk1160: fix control-message timeouts
    0ac3d5f6f956 media: pvrusb2: fix control-message timeouts
    d1c57f558d24 media: redrat3: fix control-message timeouts
    7a9d34be181f media: dib0700: fix undefined behavior in tuner shutdown
    f64b379bde39 media: s2255: fix control-message timeouts
    3a49cd738b07 media: cpia2: fix control-message timeouts
    c9ef6e1d5025 media: em28xx: fix control-message timeouts
    c89df039e811 media: mceusb: fix control-message timeouts
    22325141e94c media: flexcop-usb: fix control-message timeouts
    7458b0189e87 media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
    023357dd2eaf rtc: cmos: take rtc_lock while reading from CMOS
    9a82bfb442b7 tools/nolibc: fix incorrect truncation of exit code
    2e83886c0420 tools/nolibc: i386: fix initial stack alignment
    aca2988eddb9 tools/nolibc: x86-64: Fix startup code bug
    a4b5d9af4af5 x86/gpu: Reserve stolen memory for first integrated Intel GPU
    f55dbf729872 mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
    29218853877a mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
    ba2539b5f958 nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
    eb116c891ba1 f2fs: fix to do sanity check in is_alive()
    bf9e52c0a9d9 HID: wacom: Avoid using stale array indicies to read contact count
    5d1023f33c6d HID: wacom: Ignore the confidence flag when a touch is removed
    60257988d6f9 HID: wacom: Reset expected and received contact counts at the same time
    898e69caad0f HID: uhid: Fix worker destroying device without any protection

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 8e5a0ae5e0..72b11c3c2d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "04f6e2728373decb06b2c159cdf599c8813a7ea2"
-SRCREV_meta ?= "9e6e627445612ea0b6cc514bcdb879de3999f175"
+SRCREV_machine ?= "b24dd7e4d381fb2b855e46428087f1d2d5a2e98f"
+SRCREV_meta ?= "25910e8585d93aa555c747a9aaedccbc405c5134"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.173"
+LINUX_VERSION ?= "5.4.176"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 53f85c8cd4..227356a126 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.173"
+LINUX_VERSION ?= "5.4.176"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "dd1d37cf1243bb0194f63992294c386b91b883ee"
-SRCREV_machine ?= "149a477216fedee100a2a7c749d7876a5af18c3d"
-SRCREV_meta ?= "9e6e627445612ea0b6cc514bcdb879de3999f175"
+SRCREV_machine_qemuarm ?= "ce298ed73f24a8529058476004cb973c86432cd9"
+SRCREV_machine ?= "0b50f433a66bfa7ff4baaf1383a53aa9bfec7b66"
+SRCREV_meta ?= "25910e8585d93aa555c747a9aaedccbc405c5134"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index ad22072ddf..be14fd4f8f 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "7d8ca1d1b0891c023c74d79ea39e045d1a794077"
-SRCREV_machine_qemuarm64 ?= "79e8b8d059d36f1c2e7e20e38f883ea8c7381ffa"
-SRCREV_machine_qemumips ?= "bed90b69d8120029e8b362166c11437a257b9fdc"
-SRCREV_machine_qemuppc ?= "e886407de7b10259c99c61f9538af43181f2fec3"
-SRCREV_machine_qemuriscv64 ?= "9d1d023f9d659fd8678f020f3e98d735b27896fb"
-SRCREV_machine_qemux86 ?= "9d1d023f9d659fd8678f020f3e98d735b27896fb"
-SRCREV_machine_qemux86-64 ?= "9d1d023f9d659fd8678f020f3e98d735b27896fb"
-SRCREV_machine_qemumips64 ?= "20b16bf3c848f34be5b747f27c4cfc1237bcefbd"
-SRCREV_machine ?= "9d1d023f9d659fd8678f020f3e98d735b27896fb"
-SRCREV_meta ?= "9e6e627445612ea0b6cc514bcdb879de3999f175"
+SRCREV_machine_qemuarm ?= "eecb4a32b034e7ac5f3e54f68cf5263499f79b6f"
+SRCREV_machine_qemuarm64 ?= "6786585bee3d0de9cd8886fa4be54eafd0aeac8a"
+SRCREV_machine_qemumips ?= "4fe08e5a1c9b437ad0276448cfa63c5fa1b8303b"
+SRCREV_machine_qemuppc ?= "0f5916a777fc69030480f19b097b0e9fc035f4bf"
+SRCREV_machine_qemuriscv64 ?= "7cff5cd60103d5af3dd1e6b13bff1c7a9ef8e99d"
+SRCREV_machine_qemux86 ?= "7cff5cd60103d5af3dd1e6b13bff1c7a9ef8e99d"
+SRCREV_machine_qemux86-64 ?= "7cff5cd60103d5af3dd1e6b13bff1c7a9ef8e99d"
+SRCREV_machine_qemumips64 ?= "f15ba204e8f1c7fe33b248ae19d1b0b851c7272d"
+SRCREV_machine ?= "7cff5cd60103d5af3dd1e6b13bff1c7a9ef8e99d"
+SRCREV_meta ?= "25910e8585d93aa555c747a9aaedccbc405c5134"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.173"
+LINUX_VERSION ?= "5.4.176"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1

[OE-core][dunfell 16/20] linux-yocto/5.4: update to v5.4.178

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    76fd334f07cc Linux 5.4.178
    ed339069725a cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
    c8d7d7c58e64 ext4: fix error handling in ext4_restore_inline_data()
    f4a575eada7c EDAC/xgene: Fix deferred probing
    0f1ca7cea596 EDAC/altera: Fix deferred probing
    66c5aa5726bc rtc: cmos: Evaluate century appropriate
    2ffe36c9c4b6 selftests: futex: Use variable MAKE instead of make
    c17a316f3d53 nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
    53e4f71763c6 scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
    bfba4e8088ca pinctrl: bcm2835: Fix a few error paths
    71e60c170105 ASoC: max9759: fix underflow in speaker_gain_control_put()
    e7e396324fe2 ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
    7709133f1f7a ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes
    e51b323f891f ASoC: fsl: Add missing error handling in pcm030_fabric_probe
    04698be843dc drm/i915/overlay: Prevent divide by zero bugs in scaling
    4a674b8e8a3c net: stmmac: ensure PTP time register reads are consistent
    9afc02864031 net: stmmac: dump gmac4 DMA registers correctly
    77454c9ada77 net: macsec: Verify that send_sci is on when setting Tx sci explicitly
    dc8c2f0d010c net: ieee802154: Return meaningful error codes from the netlink helpers
    6f38d3a6ec11 net: ieee802154: ca8210: Stop leaking skb's
    859ded7ac2a6 net: ieee802154: mcr20a: Fix lifs/sifs periods
    13be1165efda net: ieee802154: hwsim: Ensure proper channel selection at probe time
    8cfa026a212e spi: meson-spicc: add IRQ check in meson_spicc_probe
    fe58eb96bb41 spi: mediatek: Avoid NULL pointer crash in interrupt
    c9fc48511c65 spi: bcm-qspi: check for valid cs before applying chip select
    6e0498e24b13 iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
    5c43d46daa0d iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
    cff7faba8884 RDMA/mlx4: Don't continue event handler after memory allocation failure
    bc5d3e8b70d5 RDMA/siw: Fix broken RDMA Read Fence/Resume logic.
    60af6e686084 IB/rdmavt: Validate remote_addr during loopback atomic tests
    4bbb6e6a1caa memcg: charge fs_context and legacy_fs_context
    2f837785c2ec Revert "ASoC: mediatek: Check for error clk pointer"
    952717785218 block: bio-integrity: Advance seed correctly for larger interval sizes
    d3533ee20e9a mm/kmemleak: avoid scanning potential huge holes
    acc887ba8833 drm/nouveau: fix off by one in BIOS boundary checking
    26b3901d20bf btrfs: fix deadlock between quota disable and qgroup rescan worker
    e680e4d30186 ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows
    7e59f0554410 ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset)
    d8fbf567e703 ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks
    66b5dd10c2b0 ALSA: hda/realtek: Add quirk for ASUS GU603
    f2c5fde84cee ALSA: usb-audio: Simplify quirk entries with a macro
    fd9a23319f16 ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
    c33402b056de ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
    68fd71872428 ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
    01baaf3bede9 audit: improve audit queue handling when "audit=1" on cmdline
    b8f53f917128 Linux 5.4.177
    4fc41403f0b6 af_packet: fix data-race in packet_setsockopt / packet_setsockopt
    db6c57d2666d cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
    bd43771ee975 rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
    b1d17e920dfc net: sched: fix use-after-free in tc_new_tfilter()
    9892742f035f net: amd-xgbe: Fix skb data length underflow
    28bdf65a5612 net: amd-xgbe: ensure to reset the tx_timer_active flag
    f2a186a44e7e ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
    0e8283cbe499 cgroup-v1: Require capabilities to set release_agent
    2fd752ed77ab psi: Fix uaf issue when psi trigger is destroyed while being polled
    464da38ba827 PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 72b11c3c2d..523ace3e14 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "b24dd7e4d381fb2b855e46428087f1d2d5a2e98f"
-SRCREV_meta ?= "25910e8585d93aa555c747a9aaedccbc405c5134"
+SRCREV_machine ?= "40423bc7ab2cc609f955a3dc16a0d854c1504ce3"
+SRCREV_meta ?= "e8c675c7e11fbd96cd812dfb9f4f6fb6f92b6abb"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.176"
+LINUX_VERSION ?= "5.4.178"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 227356a126..35177d4f6c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.176"
+LINUX_VERSION ?= "5.4.178"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "ce298ed73f24a8529058476004cb973c86432cd9"
-SRCREV_machine ?= "0b50f433a66bfa7ff4baaf1383a53aa9bfec7b66"
-SRCREV_meta ?= "25910e8585d93aa555c747a9aaedccbc405c5134"
+SRCREV_machine_qemuarm ?= "f6e09845d8bf3c307da395497b21c1ff17ef575c"
+SRCREV_machine ?= "a7ba52065be4401b5d73b6b020770f7d260b7bf1"
+SRCREV_meta ?= "e8c675c7e11fbd96cd812dfb9f4f6fb6f92b6abb"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index be14fd4f8f..081052d87c 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "eecb4a32b034e7ac5f3e54f68cf5263499f79b6f"
-SRCREV_machine_qemuarm64 ?= "6786585bee3d0de9cd8886fa4be54eafd0aeac8a"
-SRCREV_machine_qemumips ?= "4fe08e5a1c9b437ad0276448cfa63c5fa1b8303b"
-SRCREV_machine_qemuppc ?= "0f5916a777fc69030480f19b097b0e9fc035f4bf"
-SRCREV_machine_qemuriscv64 ?= "7cff5cd60103d5af3dd1e6b13bff1c7a9ef8e99d"
-SRCREV_machine_qemux86 ?= "7cff5cd60103d5af3dd1e6b13bff1c7a9ef8e99d"
-SRCREV_machine_qemux86-64 ?= "7cff5cd60103d5af3dd1e6b13bff1c7a9ef8e99d"
-SRCREV_machine_qemumips64 ?= "f15ba204e8f1c7fe33b248ae19d1b0b851c7272d"
-SRCREV_machine ?= "7cff5cd60103d5af3dd1e6b13bff1c7a9ef8e99d"
-SRCREV_meta ?= "25910e8585d93aa555c747a9aaedccbc405c5134"
+SRCREV_machine_qemuarm ?= "b3ee7c62bf5a5ce3c7e30aff6c3dd9f70a847a28"
+SRCREV_machine_qemuarm64 ?= "bf6581eba15cb43af60fda7053edaf66990c18ac"
+SRCREV_machine_qemumips ?= "05580fff716df568dc3f737b288e0e514a908572"
+SRCREV_machine_qemuppc ?= "0a016b0775980f67d686e47cc8637adec46856dc"
+SRCREV_machine_qemuriscv64 ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064"
+SRCREV_machine_qemux86 ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064"
+SRCREV_machine_qemux86-64 ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064"
+SRCREV_machine_qemumips64 ?= "68f35eeca08d2a681495fd3a7b823ac34d9a97bc"
+SRCREV_machine ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064"
+SRCREV_meta ?= "e8c675c7e11fbd96cd812dfb9f4f6fb6f92b6abb"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.176"
+LINUX_VERSION ?= "5.4.178"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1

[OE-core][dunfell 17/20] linux-firmware: upgrade 20211216 -> 20220209

[Steve Sakoman]

From: wangmy <wangmy@fujitsu.com>

License-Update:
Version of some driver files updated
Added files for some drivers

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1a2a64082d2a4845bebe802afed2a65dac994043)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...{linux-firmware_20211216.bb => linux-firmware_20220209.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20211216.bb => linux-firmware_20220209.bb} (99%)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220209.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20220209.bb
index 07389f6982..9cb357fa90 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220209.bb
@@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
                     file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
                     file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
-                    file://WHENCE;md5=79f477f9d53eedee5a65b45193785963 \
+                    file://WHENCE;md5=ed3d7426e4df06fbadcca24ebf00cc5f \
                     "
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -205,7 +205,7 @@ PE = "1"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "eeddb4e6bef31fd1a3757f12ccc324929bbad97855c0b9ec5ed780f74de1837d"
+SRC_URI[sha256sum] = "e2e46fa618414952bbf2f6920cd3abcddbef45bfb7d1352994b4bfc35394d177"
 
 inherit allarch
 
-- 
2.25.1

[OE-core][dunfell 18/20] sdk: fix search for dynamic loader

[Steve Sakoman]

From: Christian Eggers <ceggers@arri.de>

if the package "nativesdk-glibc-dbg" is installed as part of the SDK,
the existing search expression finds two files:

$OECORE_NATIVE_SYSROOT/lib/.debug/ld-linux-x86-64.so.2
$OECORE_NATIVE_SYSROOT/lib/ld-linux-x86-64.so.2

The generated relocate_sdk.sh shell script contains then an extra
newline and segfaults during SDK relocation.

Limit the search depth to 1, to avoid finding the file in the .debug
directory.

Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit baec04b936ab6b3d2039978fd568c3824cd0a501)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/files/toolchain-shar-relocate.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/files/toolchain-shar-relocate.sh b/meta/files/toolchain-shar-relocate.sh
index 3ece04db0a..cee9adbf39 100644
--- a/meta/files/toolchain-shar-relocate.sh
+++ b/meta/files/toolchain-shar-relocate.sh
@@ -5,7 +5,7 @@ fi
 
 # fix dynamic loader paths in all ELF SDK binaries
 native_sysroot=$($SUDO_EXEC cat $env_setup_script |grep 'OECORE_NATIVE_SYSROOT='|cut -d'=' -f2|tr -d '"')
-dl_path=$($SUDO_EXEC find $native_sysroot/lib -name "ld-linux*")
+dl_path=$($SUDO_EXEC find $native_sysroot/lib -maxdepth 1 -name "ld-linux*")
 if [ "$dl_path" = "" ] ; then
 	echo "SDK could not be set up. Relocate script unable to find ld-linux.so. Abort!"
 	exit 1
-- 
2.25.1

[OE-core][dunfell 19/20] default-distrovars.inc: Switch connectivity check to a yoctoproject.org page

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

example.com is proving unreliable at present so switch to our own connectivity
page instead. That page is very simple avoiding app overhead on our web server
which was an original reason for switching to example.com.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dc6b043cb75c5751b5a98afd2201aa31f9b4b9f6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/sanity.bbclass                     | 2 +-
 meta/conf/distro/include/default-distrovars.inc | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 2325ee2747..37354af9d5 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -395,7 +395,7 @@ def check_connectivity(d):
                 msg += "    Please ensure your host's network is configured correctly.\n"
                 msg += "    If your ISP or network is blocking the above URL,\n"
                 msg += "    try with another domain name, for example by setting:\n"
-                msg += "    CONNECTIVITY_CHECK_URIS = \"https://www.yoctoproject.org/\""
+                msg += "    CONNECTIVITY_CHECK_URIS = \"https://www.example.com/\""
                 msg += "    You could also set BB_NO_NETWORK = \"1\" to disable network\n"
                 msg += "    access if all required sources are on local disk.\n"
             retval = msg
diff --git a/meta/conf/distro/include/default-distrovars.inc b/meta/conf/distro/include/default-distrovars.inc
index 0240589c81..038acc1504 100644
--- a/meta/conf/distro/include/default-distrovars.inc
+++ b/meta/conf/distro/include/default-distrovars.inc
@@ -48,4 +48,4 @@ KERNEL_IMAGETYPES ??= "${KERNEL_IMAGETYPE}"
 # fetch from the network (and warn you if not). To disable the test set
 # the variable to be empty.
 # Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=master;branch=master
-CONNECTIVITY_CHECK_URIS ?= "https://www.example.com/"
+CONNECTIVITY_CHECK_URIS ?= "https://yoctoproject.org/connectivity.html"
-- 
2.25.1

[OE-core][dunfell 20/20] ruby: correctly set native/target dependencies

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

In particular libffi was missing from native, which
led to linking with host libffi instead.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 293c9f879252a814107579542e8fca9af9dde599)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/ruby/ruby.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/ruby/ruby.inc b/meta/recipes-devtools/ruby/ruby.inc
index 7b6d4edc61..367cd98d09 100644
--- a/meta/recipes-devtools/ruby/ruby.inc
+++ b/meta/recipes-devtools/ruby/ruby.inc
@@ -14,8 +14,8 @@ LIC_FILES_CHKSUM = "\
     file://LEGAL;md5=2b6d62dc0d608f34d510ca3f428110ec \
 "
 
-DEPENDS = "ruby-native zlib openssl libyaml gdbm readline libffi"
-DEPENDS_class-native = "openssl-native libyaml-native readline-native zlib-native"
+DEPENDS = "zlib openssl libyaml gdbm readline libffi"
+DEPENDS_class-target:append = " ruby-native"
 
 SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
 SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
-- 
2.25.1

Re: [OE-core][dunfell 20/20] ruby: correctly set native/target dependencies

[Konrad Weihmann]

This patch should be merged without this fix 
https://git.yoctoproject.org/poky/commit/?id=89004bc2480808576582001460e37d98143bf9a3

On 21.02.22 15:14, Steve Sakoman wrote:
> From: Alexander Kanavin <alex.kanavin@gmail.com>
> 
> In particular libffi was missing from native, which
> led to linking with host libffi instead.
> 
> Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit 293c9f879252a814107579542e8fca9af9dde599)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>   meta/recipes-devtools/ruby/ruby.inc | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/meta/recipes-devtools/ruby/ruby.inc b/meta/recipes-devtools/ruby/ruby.inc
> index 7b6d4edc61..367cd98d09 100644
> --- a/meta/recipes-devtools/ruby/ruby.inc
> +++ b/meta/recipes-devtools/ruby/ruby.inc
> @@ -14,8 +14,8 @@ LIC_FILES_CHKSUM = "\
>       file://LEGAL;md5=2b6d62dc0d608f34d510ca3f428110ec \
>   "
>   
> -DEPENDS = "ruby-native zlib openssl libyaml gdbm readline libffi"
> -DEPENDS_class-native = "openssl-native libyaml-native readline-native zlib-native"
> +DEPENDS = "zlib openssl libyaml gdbm readline libffi"
> +DEPENDS_class-target:append = " ruby-native"
>   
>   SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
>   SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
> 
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#162048): https://lists.openembedded.org/g/openembedded-core/message/162048
> Mute This Topic: https://lists.openembedded.org/mt/89294107/3647476
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [kweihmann@outlook.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 

Re: [OE-core][dunfell 20/20] ruby: correctly set native/target dependencies

[Steve Sakoman]

On Mon, Feb 21, 2022 at 4:17 AM Konrad Weihmann <kweihmann@outlook.com> wrote:
>
> This patch should be merged without this fix
> https://git.yoctoproject.org/poky/commit/?id=89004bc2480808576582001460e37d98143bf9a3

Thanks for reviewing Konrad!  I will add the above fix before sending
the pull request.

Steve

>
> On 21.02.22 15:14, Steve Sakoman wrote:
> > From: Alexander Kanavin <alex.kanavin@gmail.com>
> >
> > In particular libffi was missing from native, which
> > led to linking with host libffi instead.
> >
> > Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > (cherry picked from commit 293c9f879252a814107579542e8fca9af9dde599)
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> >   meta/recipes-devtools/ruby/ruby.inc | 4 ++--
> >   1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/meta/recipes-devtools/ruby/ruby.inc b/meta/recipes-devtools/ruby/ruby.inc
> > index 7b6d4edc61..367cd98d09 100644
> > --- a/meta/recipes-devtools/ruby/ruby.inc
> > +++ b/meta/recipes-devtools/ruby/ruby.inc
> > @@ -14,8 +14,8 @@ LIC_FILES_CHKSUM = "\
> >       file://LEGAL;md5=2b6d62dc0d608f34d510ca3f428110ec \
> >   "
> >
> > -DEPENDS = "ruby-native zlib openssl libyaml gdbm readline libffi"
> > -DEPENDS_class-native = "openssl-native libyaml-native readline-native zlib-native"
> > +DEPENDS = "zlib openssl libyaml gdbm readline libffi"
> > +DEPENDS_class-target:append = " ruby-native"
> >
> >   SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
> >   SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
> >
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#162048): https://lists.openembedded.org/g/openembedded-core/message/162048
> > Mute This Topic: https://lists.openembedded.org/mt/89294107/3647476
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [kweihmann@outlook.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >