* [OE-core][dunfell 00/10] Patch review
@ 2023-06-30 2:33 Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 01/10] libjpeg-turbo: CVE-2020-35538 Null pointer dereference in jcopy_sample_rows() function Steve Sakoman
` (9 more replies)
0 siblings, 10 replies; 11+ messages in thread
From: Steve Sakoman @ 2023-06-30 2:33 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for dunfell and have comments back by
end of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5542
The following changes since commit 2aa82324d43467e7c8bfbbb59570ee3306264b75:
systemd-systemctl: support instance expansion in WantedBy (2023-06-19 06:23:31 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Ashish Sharma (1):
go: Backport fix CVE-2023-29405
Bruce Ashfield (5):
linux-yocto/5.4: update to v5.4.246
linux-yocto/5.4: update to v5.4.247
linux-yocto/5.4: update to v5.4.248
linux-yocto-rt/54: fix 5.4-rt build breakage
linux-yocto/5.4: cfg: fix DECNET configuration warning
Hitendra Prajapati (1):
go: fix CVE-2023-29402 & CVE-2023-29404
Ross Burton (1):
ninja: Whitelist CVE-2021-4336, wrong ninja
Vijay Anusuri (2):
libjpeg-turbo: CVE-2020-35538 Null pointer dereference in
jcopy_sample_rows() function
libcap: backport Debian patches to fix CVE-2023-2602 and CVE-2023-2603
meta/recipes-devtools/go/go-1.14.inc | 4 +
.../go/go-1.14/CVE-2023-29402.patch | 201 ++++++++
.../go/go-1.14/CVE-2023-29404.patch | 84 ++++
.../go/go-1.14/CVE-2023-29405-1.patch | 112 +++++
.../go/go-1.14/CVE-2023-29405-2.patch | 38 ++
meta/recipes-devtools/ninja/ninja_1.10.0.bb | 3 +
.../jpeg/files/CVE-2020-35538-1.patch | 457 ++++++++++++++++++
.../jpeg/files/CVE-2020-35538-2.patch | 400 +++++++++++++++
.../jpeg/libjpeg-turbo_2.0.4.bb | 2 +
.../linux/linux-yocto-rt_5.4.bb | 6 +-
.../linux/linux-yocto-tiny_5.4.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-
.../libcap/files/CVE-2023-2602.patch | 52 ++
.../libcap/files/CVE-2023-2603.patch | 58 +++
meta/recipes-support/libcap/libcap_2.32.bb | 2 +
15 files changed, 1431 insertions(+), 18 deletions(-)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29402.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29404.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29405-1.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29405-2.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2020-35538-1.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2020-35538-2.patch
create mode 100644 meta/recipes-support/libcap/files/CVE-2023-2602.patch
create mode 100644 meta/recipes-support/libcap/files/CVE-2023-2603.patch
--
2.34.1
^ permalink raw reply [flat|nested] 11+ messages in thread
* [OE-core][dunfell 01/10] libjpeg-turbo: CVE-2020-35538 Null pointer dereference in jcopy_sample_rows() function
2023-06-30 2:33 [OE-core][dunfell 00/10] Patch review Steve Sakoman
@ 2023-06-30 2:33 ` Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 02/10] ninja: Whitelist CVE-2021-4336, wrong ninja Steve Sakoman
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2023-06-30 2:33 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport
[https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30
&
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/a46c111d9f3642f0ef3819e7298846ccc61869e0]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../jpeg/files/CVE-2020-35538-1.patch | 457 ++++++++++++++++++
.../jpeg/files/CVE-2020-35538-2.patch | 400 +++++++++++++++
.../jpeg/libjpeg-turbo_2.0.4.bb | 2 +
3 files changed, 859 insertions(+)
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2020-35538-1.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2020-35538-2.patch
diff --git a/meta/recipes-graphics/jpeg/files/CVE-2020-35538-1.patch b/meta/recipes-graphics/jpeg/files/CVE-2020-35538-1.patch
new file mode 100644
index 0000000000..8a52ed01e9
--- /dev/null
+++ b/meta/recipes-graphics/jpeg/files/CVE-2020-35538-1.patch
@@ -0,0 +1,457 @@
+From 9120a247436e84c0b4eea828cb11e8f665fcde30 Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Thu, 23 Jul 2020 21:24:38 -0500
+Subject: [PATCH] Fix jpeg_skip_scanlines() segfault w/merged upsamp
+
+The additional segfault mentioned in #244 was due to the fact that
+the merged upsamplers use a different private structure than the
+non-merged upsamplers. jpeg_skip_scanlines() was assuming the latter, so
+when merged upsampling was enabled, jpeg_skip_scanlines() clobbered one
+of the IDCT method pointers in the merged upsampler's private structure.
+
+For reasons unknown, the test image in #441 did not encounter this
+segfault (too small?), but it encountered an issue similar to the one
+fixed in 5bc43c7821df982f65aa1c738f67fbf7cba8bd69, whereby it was
+necessary to set up a dummy postprocessing function in
+read_and_discard_scanlines() when merged upsampling was enabled.
+Failing to do so caused either a segfault in merged_2v_upsample() (due
+to a NULL pointer being passed to jcopy_sample_rows()) or an error
+("Corrupt JPEG data: premature end of data segment"), depending on the
+number of scanlines skipped and whether the first scanline skipped was
+an odd- or even-numbered row.
+
+Fixes #441
+Fixes #244 (for real this time)
+
+Upstream-Status: Backport [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9120a247436e84c0b4eea828cb11e8f665fcde30]
+CVE: CVE-2020-35538
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ ChangeLog.md | 7 +++++
+ jdapistd.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++------
+ jdmerge.c | 46 +++++++--------------------------
+ jdmerge.h | 47 ++++++++++++++++++++++++++++++++++
+ jdmrg565.c | 10 ++++----
+ jdmrgext.c | 6 ++---
+ 6 files changed, 135 insertions(+), 53 deletions(-)
+ create mode 100644 jdmerge.h
+
+diff --git a/ChangeLog.md b/ChangeLog.md
+index 2ebfe71..19d18fa 100644
+--- a/ChangeLog.md
++++ b/ChangeLog.md
+@@ -54,6 +54,13 @@ a 16-bit binary PGM file into an RGB image buffer.
+ generated when using the `tjLoadImage()` function to load a 16-bit binary PPM
+ file into an extended RGB image buffer.
+
++2. Fixed segfaults or "Corrupt JPEG data: premature end of data segment" errors
++in `jpeg_skip_scanlines()` that occurred when decompressing 4:2:2 or 4:2:0 JPEG
++images using the merged (non-fancy) upsampling algorithms (that is, when
++setting `cinfo.do_fancy_upsampling` to `FALSE`.) 2.0.0[6] was a similar fix,
++but it did not cover all cases.
++
++
+ 2.0.3
+ =====
+
+diff --git a/jdapistd.c b/jdapistd.c
+index 2c808fa..91da642 100644
+--- a/jdapistd.c
++++ b/jdapistd.c
+@@ -4,7 +4,7 @@
+ * This file was part of the Independent JPEG Group's software:
+ * Copyright (C) 1994-1996, Thomas G. Lane.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2010, 2015-2018, D. R. Commander.
++ * Copyright (C) 2010, 2015-2018, 2020, D. R. Commander.
+ * Copyright (C) 2015, Google, Inc.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+@@ -21,6 +21,8 @@
+ #include "jinclude.h"
+ #include "jdmainct.h"
+ #include "jdcoefct.h"
++#include "jdmaster.h"
++#include "jdmerge.h"
+ #include "jdsample.h"
+ #include "jmemsys.h"
+
+@@ -304,6 +306,16 @@ noop_quantize(j_decompress_ptr cinfo, JSAMPARRAY input_buf,
+ }
+
+
++/* Dummy postprocessing function used by jpeg_skip_scanlines() */
++LOCAL(void)
++noop_post_process (j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
++ JDIMENSION *in_row_group_ctr,
++ JDIMENSION in_row_groups_avail, JSAMPARRAY output_buf,
++ JDIMENSION *out_row_ctr, JDIMENSION out_rows_avail)
++{
++}
++
++
+ /*
+ * In some cases, it is best to call jpeg_read_scanlines() and discard the
+ * output, rather than skipping the scanlines, because this allows us to
+@@ -316,11 +328,17 @@ LOCAL(void)
+ read_and_discard_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ {
+ JDIMENSION n;
++ my_master_ptr master = (my_master_ptr)cinfo->master;
+ void (*color_convert) (j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
+ JDIMENSION input_row, JSAMPARRAY output_buf,
+ int num_rows) = NULL;
+ void (*color_quantize) (j_decompress_ptr cinfo, JSAMPARRAY input_buf,
+ JSAMPARRAY output_buf, int num_rows) = NULL;
++ void (*post_process_data) (j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
++ JDIMENSION *in_row_group_ctr,
++ JDIMENSION in_row_groups_avail,
++ JSAMPARRAY output_buf, JDIMENSION *out_row_ctr,
++ JDIMENSION out_rows_avail) = NULL;
+
+ if (cinfo->cconvert && cinfo->cconvert->color_convert) {
+ color_convert = cinfo->cconvert->color_convert;
+@@ -332,6 +350,12 @@ read_and_discard_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ cinfo->cquantize->color_quantize = noop_quantize;
+ }
+
++ if (master->using_merged_upsample && cinfo->post &&
++ cinfo->post->post_process_data) {
++ post_process_data = cinfo->post->post_process_data;
++ cinfo->post->post_process_data = noop_post_process;
++ }
++
+ for (n = 0; n < num_lines; n++)
+ jpeg_read_scanlines(cinfo, NULL, 1);
+
+@@ -340,6 +364,9 @@ read_and_discard_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+
+ if (color_quantize)
+ cinfo->cquantize->color_quantize = color_quantize;
++
++ if (post_process_data)
++ cinfo->post->post_process_data = post_process_data;
+ }
+
+
+@@ -382,7 +409,7 @@ jpeg_skip_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ {
+ my_main_ptr main_ptr = (my_main_ptr)cinfo->main;
+ my_coef_ptr coef = (my_coef_ptr)cinfo->coef;
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ my_master_ptr master = (my_master_ptr)cinfo->master;
+ JDIMENSION i, x;
+ int y;
+ JDIMENSION lines_per_iMCU_row, lines_left_in_iMCU_row, lines_after_iMCU_row;
+@@ -445,8 +472,16 @@ jpeg_skip_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ main_ptr->buffer_full = FALSE;
+ main_ptr->rowgroup_ctr = 0;
+ main_ptr->context_state = CTX_PREPARE_FOR_IMCU;
+- upsample->next_row_out = cinfo->max_v_samp_factor;
+- upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
++ if (master->using_merged_upsample) {
++ my_merged_upsample_ptr upsample =
++ (my_merged_upsample_ptr)cinfo->upsample;
++ upsample->spare_full = FALSE;
++ upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
++ } else {
++ my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ upsample->next_row_out = cinfo->max_v_samp_factor;
++ upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
++ }
+ }
+
+ /* Skipping is much simpler when context rows are not required. */
+@@ -458,8 +493,16 @@ jpeg_skip_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ cinfo->output_scanline += lines_left_in_iMCU_row;
+ main_ptr->buffer_full = FALSE;
+ main_ptr->rowgroup_ctr = 0;
+- upsample->next_row_out = cinfo->max_v_samp_factor;
+- upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
++ if (master->using_merged_upsample) {
++ my_merged_upsample_ptr upsample =
++ (my_merged_upsample_ptr)cinfo->upsample;
++ upsample->spare_full = FALSE;
++ upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
++ } else {
++ my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ upsample->next_row_out = cinfo->max_v_samp_factor;
++ upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
++ }
+ }
+ }
+
+@@ -494,7 +537,14 @@ jpeg_skip_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ cinfo->output_iMCU_row += lines_to_skip / lines_per_iMCU_row;
+ increment_simple_rowgroup_ctr(cinfo, lines_to_read);
+ }
+- upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
++ if (master->using_merged_upsample) {
++ my_merged_upsample_ptr upsample =
++ (my_merged_upsample_ptr)cinfo->upsample;
++ upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
++ } else {
++ my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
++ }
+ return num_lines;
+ }
+
+@@ -535,7 +585,13 @@ jpeg_skip_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ * bit odd, since "rows_to_go" seems to be redundantly keeping track of
+ * output_scanline.
+ */
+- upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
++ if (master->using_merged_upsample) {
++ my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
++ upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
++ } else {
++ my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
++ }
+
+ /* Always skip the requested number of lines. */
+ return num_lines;
+diff --git a/jdmerge.c b/jdmerge.c
+index dff5a35..833ad67 100644
+--- a/jdmerge.c
++++ b/jdmerge.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1994-1996, Thomas G. Lane.
+ * libjpeg-turbo Modifications:
+ * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB
+- * Copyright (C) 2009, 2011, 2014-2015, D. R. Commander.
++ * Copyright (C) 2009, 2011, 2014-2015, 2020, D. R. Commander.
+ * Copyright (C) 2013, Linaro Limited.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+@@ -40,41 +40,13 @@
+ #define JPEG_INTERNALS
+ #include "jinclude.h"
+ #include "jpeglib.h"
++#include "jdmerge.h"
+ #include "jsimd.h"
+ #include "jconfigint.h"
+
+ #ifdef UPSAMPLE_MERGING_SUPPORTED
+
+
+-/* Private subobject */
+-
+-typedef struct {
+- struct jpeg_upsampler pub; /* public fields */
+-
+- /* Pointer to routine to do actual upsampling/conversion of one row group */
+- void (*upmethod) (j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
+- JDIMENSION in_row_group_ctr, JSAMPARRAY output_buf);
+-
+- /* Private state for YCC->RGB conversion */
+- int *Cr_r_tab; /* => table for Cr to R conversion */
+- int *Cb_b_tab; /* => table for Cb to B conversion */
+- JLONG *Cr_g_tab; /* => table for Cr to G conversion */
+- JLONG *Cb_g_tab; /* => table for Cb to G conversion */
+-
+- /* For 2:1 vertical sampling, we produce two output rows at a time.
+- * We need a "spare" row buffer to hold the second output row if the
+- * application provides just a one-row buffer; we also use the spare
+- * to discard the dummy last row if the image height is odd.
+- */
+- JSAMPROW spare_row;
+- boolean spare_full; /* T if spare buffer is occupied */
+-
+- JDIMENSION out_row_width; /* samples per output row */
+- JDIMENSION rows_to_go; /* counts rows remaining in image */
+-} my_upsampler;
+-
+-typedef my_upsampler *my_upsample_ptr;
+-
+ #define SCALEBITS 16 /* speediest right-shift on some machines */
+ #define ONE_HALF ((JLONG)1 << (SCALEBITS - 1))
+ #define FIX(x) ((JLONG)((x) * (1L << SCALEBITS) + 0.5))
+@@ -189,7 +161,7 @@ typedef my_upsampler *my_upsample_ptr;
+ LOCAL(void)
+ build_ycc_rgb_table(j_decompress_ptr cinfo)
+ {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
+ int i;
+ JLONG x;
+ SHIFT_TEMPS
+@@ -232,7 +204,7 @@ build_ycc_rgb_table(j_decompress_ptr cinfo)
+ METHODDEF(void)
+ start_pass_merged_upsample(j_decompress_ptr cinfo)
+ {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
+
+ /* Mark the spare buffer empty */
+ upsample->spare_full = FALSE;
+@@ -254,7 +226,7 @@ merged_2v_upsample(j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
+ JDIMENSION *out_row_ctr, JDIMENSION out_rows_avail)
+ /* 2:1 vertical sampling case: may need a spare row. */
+ {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
+ JSAMPROW work_ptrs[2];
+ JDIMENSION num_rows; /* number of rows returned to caller */
+
+@@ -305,7 +277,7 @@ merged_1v_upsample(j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
+ JDIMENSION *out_row_ctr, JDIMENSION out_rows_avail)
+ /* 1:1 vertical sampling case: much easier, never need a spare row. */
+ {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
+
+ /* Just do the upsampling. */
+ (*upsample->upmethod) (cinfo, input_buf, *in_row_group_ctr,
+@@ -566,11 +538,11 @@ h2v2_merged_upsample_565D(j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
+ GLOBAL(void)
+ jinit_merged_upsampler(j_decompress_ptr cinfo)
+ {
+- my_upsample_ptr upsample;
++ my_merged_upsample_ptr upsample;
+
+- upsample = (my_upsample_ptr)
++ upsample = (my_merged_upsample_ptr)
+ (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- sizeof(my_upsampler));
++ sizeof(my_merged_upsampler));
+ cinfo->upsample = (struct jpeg_upsampler *)upsample;
+ upsample->pub.start_pass = start_pass_merged_upsample;
+ upsample->pub.need_context_rows = FALSE;
+diff --git a/jdmerge.h b/jdmerge.h
+new file mode 100644
+index 0000000..b583396
+--- /dev/null
++++ b/jdmerge.h
+@@ -0,0 +1,47 @@
++/*
++ * jdmerge.h
++ *
++ * This file was part of the Independent JPEG Group's software:
++ * Copyright (C) 1994-1996, Thomas G. Lane.
++ * libjpeg-turbo Modifications:
++ * Copyright (C) 2020, D. R. Commander.
++ * For conditions of distribution and use, see the accompanying README.ijg
++ * file.
++ */
++
++#define JPEG_INTERNALS
++#include "jpeglib.h"
++
++#ifdef UPSAMPLE_MERGING_SUPPORTED
++
++
++/* Private subobject */
++
++typedef struct {
++ struct jpeg_upsampler pub; /* public fields */
++
++ /* Pointer to routine to do actual upsampling/conversion of one row group */
++ void (*upmethod) (j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
++ JDIMENSION in_row_group_ctr, JSAMPARRAY output_buf);
++
++ /* Private state for YCC->RGB conversion */
++ int *Cr_r_tab; /* => table for Cr to R conversion */
++ int *Cb_b_tab; /* => table for Cb to B conversion */
++ JLONG *Cr_g_tab; /* => table for Cr to G conversion */
++ JLONG *Cb_g_tab; /* => table for Cb to G conversion */
++
++ /* For 2:1 vertical sampling, we produce two output rows at a time.
++ * We need a "spare" row buffer to hold the second output row if the
++ * application provides just a one-row buffer; we also use the spare
++ * to discard the dummy last row if the image height is odd.
++ */
++ JSAMPROW spare_row;
++ boolean spare_full; /* T if spare buffer is occupied */
++
++ JDIMENSION out_row_width; /* samples per output row */
++ JDIMENSION rows_to_go; /* counts rows remaining in image */
++} my_merged_upsampler;
++
++typedef my_merged_upsampler *my_merged_upsample_ptr;
++
++#endif /* UPSAMPLE_MERGING_SUPPORTED */
+diff --git a/jdmrg565.c b/jdmrg565.c
+index 1b87e37..53f1e16 100644
+--- a/jdmrg565.c
++++ b/jdmrg565.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1994-1996, Thomas G. Lane.
+ * libjpeg-turbo Modifications:
+ * Copyright (C) 2013, Linaro Limited.
+- * Copyright (C) 2014-2015, 2018, D. R. Commander.
++ * Copyright (C) 2014-2015, 2018, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -19,7 +19,7 @@ h2v1_merged_upsample_565_internal(j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
+ JDIMENSION in_row_group_ctr,
+ JSAMPARRAY output_buf)
+ {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
+ register int y, cred, cgreen, cblue;
+ int cb, cr;
+ register JSAMPROW outptr;
+@@ -90,7 +90,7 @@ h2v1_merged_upsample_565D_internal(j_decompress_ptr cinfo,
+ JDIMENSION in_row_group_ctr,
+ JSAMPARRAY output_buf)
+ {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
+ register int y, cred, cgreen, cblue;
+ int cb, cr;
+ register JSAMPROW outptr;
+@@ -163,7 +163,7 @@ h2v2_merged_upsample_565_internal(j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
+ JDIMENSION in_row_group_ctr,
+ JSAMPARRAY output_buf)
+ {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
+ register int y, cred, cgreen, cblue;
+ int cb, cr;
+ register JSAMPROW outptr0, outptr1;
+@@ -259,7 +259,7 @@ h2v2_merged_upsample_565D_internal(j_decompress_ptr cinfo,
+ JDIMENSION in_row_group_ctr,
+ JSAMPARRAY output_buf)
+ {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
+ register int y, cred, cgreen, cblue;
+ int cb, cr;
+ register JSAMPROW outptr0, outptr1;
+diff --git a/jdmrgext.c b/jdmrgext.c
+index b1c27df..c9a44d8 100644
+--- a/jdmrgext.c
++++ b/jdmrgext.c
+@@ -4,7 +4,7 @@
+ * This file was part of the Independent JPEG Group's software:
+ * Copyright (C) 1994-1996, Thomas G. Lane.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2011, 2015, D. R. Commander.
++ * Copyright (C) 2011, 2015, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -25,7 +25,7 @@ h2v1_merged_upsample_internal(j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
+ JDIMENSION in_row_group_ctr,
+ JSAMPARRAY output_buf)
+ {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
+ register int y, cred, cgreen, cblue;
+ int cb, cr;
+ register JSAMPROW outptr;
+@@ -97,7 +97,7 @@ h2v2_merged_upsample_internal(j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
+ JDIMENSION in_row_group_ctr,
+ JSAMPARRAY output_buf)
+ {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
+ register int y, cred, cgreen, cblue;
+ int cb, cr;
+ register JSAMPROW outptr0, outptr1;
+--
+2.25.1
+
diff --git a/meta/recipes-graphics/jpeg/files/CVE-2020-35538-2.patch b/meta/recipes-graphics/jpeg/files/CVE-2020-35538-2.patch
new file mode 100644
index 0000000000..f86175dff0
--- /dev/null
+++ b/meta/recipes-graphics/jpeg/files/CVE-2020-35538-2.patch
@@ -0,0 +1,400 @@
+From a46c111d9f3642f0ef3819e7298846ccc61869e0 Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Mon, 27 Jul 2020 14:21:23 -0500
+Subject: [PATCH] Further jpeg_skip_scanlines() fixes
+
+- Introduce a partial image decompression regression test script that
+ validates the correctness of jpeg_skip_scanlines() and
+ jpeg_crop_scanlines() for a variety of cropping regions and libjpeg
+ settings.
+
+ This regression test catches the following issues:
+ #182, fixed in 5bc43c7
+ #237, fixed in 6e95c08
+ #244, fixed in 398c1e9
+ #441, fully fixed in this commit
+
+ It does not catch the following issues:
+ #194, fixed in 773040f
+ #244 (additional segfault), fixed in
+ 9120a24
+
+- Modify the libjpeg-turbo regression test suite (make test) so that it
+ checks for the issue reported in #441 (segfault in
+ jpeg_skip_scanlines() when used with 4:2:0 merged upsampling/color
+ conversion.)
+
+- Fix issues in jpeg_skip_scanlines() that caused incorrect output with
+ h2v2 (4:2:0) merged upsampling/color conversion. The previous commit
+ fixed the segfault reported in #441, but that was a symptom of a
+ larger problem. Because merged 4:2:0 upsampling uses a "spare row"
+ buffer, it is necessary to allow the upsampler to run when skipping
+ rows (fancy 4:2:0 upsampling, which uses context rows, also requires
+ this.) Otherwise, if skipping starts at an odd-numbered row, the
+ output image will be incorrect.
+
+- Throw an error if jpeg_skip_scanlines() is called with two-pass color
+ quantization enabled. With two-pass color quantization, the first
+ pass occurs within jpeg_start_decompress(), so subsequent calls to
+ jpeg_skip_scanlines() interfere with the multipass state and prevent
+ the second pass from occurring during subsequent calls to
+ jpeg_read_scanlines().
+
+Upstream-Status: Backport [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/a46c111d9f3642f0ef3819e7298846ccc61869e0]
+CVE: CVE-2020-35538
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ CMakeLists.txt | 9 +++--
+ ChangeLog.md | 15 +++++---
+ croptest.in | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ jdapistd.c | 70 +++++++++++--------------------------
+ libjpeg.txt | 6 ++--
+ 5 files changed, 136 insertions(+), 59 deletions(-)
+ create mode 100755 croptest.in
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index aee74c9..de451f4 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -753,7 +753,7 @@ else()
+ set(MD5_PPM_3x2_IFAST fd283664b3b49127984af0a7f118fccd)
+ set(MD5_JPEG_420_ISLOW_ARI e986fb0a637a8d833d96e8a6d6d84ea1)
+ set(MD5_JPEG_444_ISLOW_PROGARI 0a8f1c8f66e113c3cf635df0a475a617)
+- set(MD5_PPM_420M_IFAST_ARI 72b59a99bcf1de24c5b27d151bde2437)
++ set(MD5_PPM_420M_IFAST_ARI 57251da28a35b46eecb7177d82d10e0e)
+ set(MD5_JPEG_420_ISLOW 9a68f56bc76e466aa7e52f415d0f4a5f)
+ set(MD5_PPM_420M_ISLOW_2_1 9f9de8c0612f8d06869b960b05abf9c9)
+ set(MD5_PPM_420M_ISLOW_15_8 b6875bc070720b899566cc06459b63b7)
+@@ -1131,7 +1131,7 @@ foreach(libtype ${TEST_LIBTYPES})
+
+ if(WITH_ARITH_DEC)
+ # CC: RGB->YCC SAMP: h2v2 merged IDCT: ifast ENT: arith
+- add_bittest(djpeg 420m-ifast-ari "-fast;-ppm"
++ add_bittest(djpeg 420m-ifast-ari "-fast;-skip;1,20;-ppm"
+ testout_420m_ifast_ari.ppm ${TESTIMAGES}/testimgari.jpg
+ ${MD5_PPM_420M_IFAST_ARI})
+
+@@ -1266,6 +1266,11 @@ endforeach()
+ add_custom_target(testclean COMMAND ${CMAKE_COMMAND} -P
+ ${CMAKE_CURRENT_SOURCE_DIR}/cmakescripts/testclean.cmake)
+
++configure_file(croptest.in croptest @ONLY)
++add_custom_target(croptest
++ COMMAND echo croptest
++ COMMAND ${BASH} ${CMAKE_CURRENT_BINARY_DIR}/croptest)
++
+ if(WITH_TURBOJPEG)
+ configure_file(tjbenchtest.in tjbenchtest @ONLY)
+ configure_file(tjexampletest.in tjexampletest @ONLY)
+diff --git a/ChangeLog.md b/ChangeLog.md
+index 19d18fa..4562eff 100644
+--- a/ChangeLog.md
++++ b/ChangeLog.md
+@@ -54,11 +54,16 @@ a 16-bit binary PGM file into an RGB image buffer.
+ generated when using the `tjLoadImage()` function to load a 16-bit binary PPM
+ file into an extended RGB image buffer.
+
+-2. Fixed segfaults or "Corrupt JPEG data: premature end of data segment" errors
+-in `jpeg_skip_scanlines()` that occurred when decompressing 4:2:2 or 4:2:0 JPEG
+-images using the merged (non-fancy) upsampling algorithms (that is, when
+-setting `cinfo.do_fancy_upsampling` to `FALSE`.) 2.0.0[6] was a similar fix,
+-but it did not cover all cases.
++2. Fixed or worked around multiple issues with `jpeg_skip_scanlines()`:
++
++ - Fixed segfaults or "Corrupt JPEG data: premature end of data segment"
++errors in `jpeg_skip_scanlines()` that occurred when decompressing 4:2:2 or
++4:2:0 JPEG images using merged (non-fancy) upsampling/color conversion (that
++is, when setting `cinfo.do_fancy_upsampling` to `FALSE`.) 2.0.0[6] was a
++similar fix, but it did not cover all cases.
++ - `jpeg_skip_scanlines()` now throws an error if two-pass color
++quantization is enabled. Two-pass color quantization never worked properly
++with `jpeg_skip_scanlines()`, and the issues could not readily be fixed.
+
+
+ 2.0.3
+diff --git a/croptest.in b/croptest.in
+new file mode 100755
+index 0000000..7e3c293
+--- /dev/null
++++ b/croptest.in
+@@ -0,0 +1,95 @@
++#!/bin/bash
++
++set -u
++set -e
++trap onexit INT
++trap onexit TERM
++trap onexit EXIT
++
++onexit()
++{
++ if [ -d $OUTDIR ]; then
++ rm -rf $OUTDIR
++ fi
++}
++
++runme()
++{
++ echo \*\*\* $*
++ $*
++}
++
++IMAGE=vgl_6548_0026a.bmp
++WIDTH=128
++HEIGHT=95
++IMGDIR=@CMAKE_CURRENT_SOURCE_DIR@/testimages
++OUTDIR=`mktemp -d /tmp/__croptest_output.XXXXXX`
++EXEDIR=@CMAKE_CURRENT_BINARY_DIR@
++
++if [ -d $OUTDIR ]; then
++ rm -rf $OUTDIR
++fi
++mkdir -p $OUTDIR
++
++exec >$EXEDIR/croptest.log
++
++echo "============================================================"
++echo "$IMAGE ($WIDTH x $HEIGHT)"
++echo "============================================================"
++echo
++
++for PROGARG in "" -progressive; do
++
++ cp $IMGDIR/$IMAGE $OUTDIR
++ basename=`basename $IMAGE .bmp`
++ echo "------------------------------------------------------------"
++ echo "Generating test images"
++ echo "------------------------------------------------------------"
++ echo
++ runme $EXEDIR/cjpeg $PROGARG -grayscale -outfile $OUTDIR/${basename}_GRAY.jpg $IMGDIR/${basename}.bmp
++ runme $EXEDIR/cjpeg $PROGARG -sample 2x2 -outfile $OUTDIR/${basename}_420.jpg $IMGDIR/${basename}.bmp
++ runme $EXEDIR/cjpeg $PROGARG -sample 2x1 -outfile $OUTDIR/${basename}_422.jpg $IMGDIR/${basename}.bmp
++ runme $EXEDIR/cjpeg $PROGARG -sample 1x2 -outfile $OUTDIR/${basename}_440.jpg $IMGDIR/${basename}.bmp
++ runme $EXEDIR/cjpeg $PROGARG -sample 1x1 -outfile $OUTDIR/${basename}_444.jpg $IMGDIR/${basename}.bmp
++ echo
++
++ for NSARG in "" -nosmooth; do
++
++ for COLORSARG in "" "-colors 256 -dither none -onepass"; do
++
++ for Y in {0..16}; do
++
++ for H in {1..16}; do
++
++ X=$(( (Y*16)%128 ))
++ W=$(( WIDTH-X-7 ))
++ if [ $Y -le 15 ]; then
++ CROPSPEC="${W}x${H}+${X}+${Y}"
++ else
++ Y2=$(( HEIGHT-H ));
++ CROPSPEC="${W}x${H}+${X}+${Y2}"
++ fi
++
++ echo "------------------------------------------------------------"
++ echo $PROGARG $NSARG $COLORSARG -crop $CROPSPEC
++ echo "------------------------------------------------------------"
++ echo
++ for samp in GRAY 420 422 440 444; do
++ $EXEDIR/djpeg $NSARG $COLORSARG -rgb -outfile $OUTDIR/${basename}_${samp}_full.ppm $OUTDIR/${basename}_${samp}.jpg
++ convert -crop $CROPSPEC $OUTDIR/${basename}_${samp}_full.ppm $OUTDIR/${basename}_${samp}_ref.ppm
++ runme $EXEDIR/djpeg $NSARG $COLORSARG -crop $CROPSPEC -rgb -outfile $OUTDIR/${basename}_${samp}.ppm $OUTDIR/${basename}_${samp}.jpg
++ runme cmp $OUTDIR/${basename}_${samp}.ppm $OUTDIR/${basename}_${samp}_ref.ppm
++ done
++ echo
++
++ done
++
++ done
++
++ done
++
++ done
++
++done
++
++echo SUCCESS!
+diff --git a/jdapistd.c b/jdapistd.c
+index 91da642..c502909 100644
+--- a/jdapistd.c
++++ b/jdapistd.c
+@@ -306,16 +306,6 @@ noop_quantize(j_decompress_ptr cinfo, JSAMPARRAY input_buf,
+ }
+
+
+-/* Dummy postprocessing function used by jpeg_skip_scanlines() */
+-LOCAL(void)
+-noop_post_process (j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
+- JDIMENSION *in_row_group_ctr,
+- JDIMENSION in_row_groups_avail, JSAMPARRAY output_buf,
+- JDIMENSION *out_row_ctr, JDIMENSION out_rows_avail)
+-{
+-}
+-
+-
+ /*
+ * In some cases, it is best to call jpeg_read_scanlines() and discard the
+ * output, rather than skipping the scanlines, because this allows us to
+@@ -329,16 +319,12 @@ read_and_discard_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ {
+ JDIMENSION n;
+ my_master_ptr master = (my_master_ptr)cinfo->master;
++ JSAMPARRAY scanlines = NULL;
+ void (*color_convert) (j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
+ JDIMENSION input_row, JSAMPARRAY output_buf,
+ int num_rows) = NULL;
+ void (*color_quantize) (j_decompress_ptr cinfo, JSAMPARRAY input_buf,
+ JSAMPARRAY output_buf, int num_rows) = NULL;
+- void (*post_process_data) (j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
+- JDIMENSION *in_row_group_ctr,
+- JDIMENSION in_row_groups_avail,
+- JSAMPARRAY output_buf, JDIMENSION *out_row_ctr,
+- JDIMENSION out_rows_avail) = NULL;
+
+ if (cinfo->cconvert && cinfo->cconvert->color_convert) {
+ color_convert = cinfo->cconvert->color_convert;
+@@ -350,23 +336,19 @@ read_and_discard_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ cinfo->cquantize->color_quantize = noop_quantize;
+ }
+
+- if (master->using_merged_upsample && cinfo->post &&
+- cinfo->post->post_process_data) {
+- post_process_data = cinfo->post->post_process_data;
+- cinfo->post->post_process_data = noop_post_process;
++ if (master->using_merged_upsample && cinfo->max_v_samp_factor == 2) {
++ my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
++ scanlines = &upsample->spare_row;
+ }
+
+ for (n = 0; n < num_lines; n++)
+- jpeg_read_scanlines(cinfo, NULL, 1);
++ jpeg_read_scanlines(cinfo, scanlines, 1);
+
+ if (color_convert)
+ cinfo->cconvert->color_convert = color_convert;
+
+ if (color_quantize)
+ cinfo->cquantize->color_quantize = color_quantize;
+-
+- if (post_process_data)
+- cinfo->post->post_process_data = post_process_data;
+ }
+
+
+@@ -380,6 +362,12 @@ increment_simple_rowgroup_ctr(j_decompress_ptr cinfo, JDIMENSION rows)
+ {
+ JDIMENSION rows_left;
+ my_main_ptr main_ptr = (my_main_ptr)cinfo->main;
++ my_master_ptr master = (my_master_ptr)cinfo->master;
++
++ if (master->using_merged_upsample && cinfo->max_v_samp_factor == 2) {
++ read_and_discard_scanlines(cinfo, rows);
++ return;
++ }
+
+ /* Increment the counter to the next row group after the skipped rows. */
+ main_ptr->rowgroup_ctr += rows / cinfo->max_v_samp_factor;
+@@ -410,11 +398,16 @@ jpeg_skip_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ my_main_ptr main_ptr = (my_main_ptr)cinfo->main;
+ my_coef_ptr coef = (my_coef_ptr)cinfo->coef;
+ my_master_ptr master = (my_master_ptr)cinfo->master;
++ my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
+ JDIMENSION i, x;
+ int y;
+ JDIMENSION lines_per_iMCU_row, lines_left_in_iMCU_row, lines_after_iMCU_row;
+ JDIMENSION lines_to_skip, lines_to_read;
+
++ /* Two-pass color quantization is not supported. */
++ if (cinfo->quantize_colors && cinfo->two_pass_quantize)
++ ERREXIT(cinfo, JERR_NOTIMPL);
++
+ if (cinfo->global_state != DSTATE_SCANNING)
+ ERREXIT1(cinfo, JERR_BAD_STATE, cinfo->global_state);
+
+@@ -472,13 +465,7 @@ jpeg_skip_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ main_ptr->buffer_full = FALSE;
+ main_ptr->rowgroup_ctr = 0;
+ main_ptr->context_state = CTX_PREPARE_FOR_IMCU;
+- if (master->using_merged_upsample) {
+- my_merged_upsample_ptr upsample =
+- (my_merged_upsample_ptr)cinfo->upsample;
+- upsample->spare_full = FALSE;
+- upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
+- } else {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ if (!master->using_merged_upsample) {
+ upsample->next_row_out = cinfo->max_v_samp_factor;
+ upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
+ }
+@@ -493,13 +480,7 @@ jpeg_skip_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ cinfo->output_scanline += lines_left_in_iMCU_row;
+ main_ptr->buffer_full = FALSE;
+ main_ptr->rowgroup_ctr = 0;
+- if (master->using_merged_upsample) {
+- my_merged_upsample_ptr upsample =
+- (my_merged_upsample_ptr)cinfo->upsample;
+- upsample->spare_full = FALSE;
+- upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
+- } else {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ if (!master->using_merged_upsample) {
+ upsample->next_row_out = cinfo->max_v_samp_factor;
+ upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
+ }
+@@ -537,14 +518,8 @@ jpeg_skip_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ cinfo->output_iMCU_row += lines_to_skip / lines_per_iMCU_row;
+ increment_simple_rowgroup_ctr(cinfo, lines_to_read);
+ }
+- if (master->using_merged_upsample) {
+- my_merged_upsample_ptr upsample =
+- (my_merged_upsample_ptr)cinfo->upsample;
+- upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
+- } else {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
++ if (!master->using_merged_upsample)
+ upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
+- }
+ return num_lines;
+ }
+
+@@ -585,13 +560,8 @@ jpeg_skip_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
+ * bit odd, since "rows_to_go" seems to be redundantly keeping track of
+ * output_scanline.
+ */
+- if (master->using_merged_upsample) {
+- my_merged_upsample_ptr upsample = (my_merged_upsample_ptr)cinfo->upsample;
++ if (!master->using_merged_upsample)
+ upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
+- } else {
+- my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample;
+- upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline;
+- }
+
+ /* Always skip the requested number of lines. */
+ return num_lines;
+diff --git a/libjpeg.txt b/libjpeg.txt
+index c50cf90..c233ecb 100644
+--- a/libjpeg.txt
++++ b/libjpeg.txt
+@@ -3,7 +3,7 @@ USING THE IJG JPEG LIBRARY
+ This file was part of the Independent JPEG Group's software:
+ Copyright (C) 1994-2013, Thomas G. Lane, Guido Vollbeding.
+ libjpeg-turbo Modifications:
+-Copyright (C) 2010, 2014-2018, D. R. Commander.
++Copyright (C) 2010, 2014-2018, 2020, D. R. Commander.
+ Copyright (C) 2015, Google, Inc.
+ For conditions of distribution and use, see the accompanying README.ijg file.
+
+@@ -750,7 +750,9 @@ multiple rows in the JPEG image.
+
+ Suspending data sources are not supported by this function. Calling
+ jpeg_skip_scanlines() with a suspending data source will result in undefined
+-behavior.
++behavior. Two-pass color quantization is also not supported by this function.
++Calling jpeg_skip_scanlines() with two-pass color quantization enabled will
++result in an error.
+
+ jpeg_skip_scanlines() will not allow skipping past the bottom of the image. If
+ the value of num_lines is large enough to skip past the bottom of the image,
+--
+2.25.1
+
diff --git a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb
index 6575582b0c..630b20300f 100644
--- a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb
+++ b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb
@@ -14,6 +14,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
file://0001-libjpeg-turbo-fix-package_qa-error.patch \
file://CVE-2020-13790.patch \
file://CVE-2021-46822.patch \
+ file://CVE-2020-35538-1.patch \
+ file://CVE-2020-35538-2.patch \
"
SRC_URI[md5sum] = "d01d9e0c28c27bc0de9f4e2e8ff49855"
--
2.34.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [OE-core][dunfell 02/10] ninja: Whitelist CVE-2021-4336, wrong ninja
2023-06-30 2:33 [OE-core][dunfell 00/10] Patch review Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 01/10] libjpeg-turbo: CVE-2020-35538 Null pointer dereference in jcopy_sample_rows() function Steve Sakoman
@ 2023-06-30 2:33 ` Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 03/10] go: Backport fix CVE-2023-29405 Steve Sakoman
` (7 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2023-06-30 2:33 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
(From OE-Core rev: c2dd2c13ff26c3f046e35a2f6b8afeb099ef422a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9a106486ad7900924a87c5869702903204a35b54)
Signed-off-by: virendra thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/ninja/ninja_1.10.0.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/ninja/ninja_1.10.0.bb b/meta/recipes-devtools/ninja/ninja_1.10.0.bb
index ae3f3f1ea8..755b73a173 100644
--- a/meta/recipes-devtools/ninja/ninja_1.10.0.bb
+++ b/meta/recipes-devtools/ninja/ninja_1.10.0.bb
@@ -29,3 +29,6 @@ do_install() {
}
BBCLASSEXTEND = "native nativesdk"
+
+# This is a different Ninja
+CVE_CHECK_WHITELIST += "CVE-2021-4336"
--
2.34.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [OE-core][dunfell 03/10] go: Backport fix CVE-2023-29405
2023-06-30 2:33 [OE-core][dunfell 00/10] Patch review Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 01/10] libjpeg-turbo: CVE-2020-35538 Null pointer dereference in jcopy_sample_rows() function Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 02/10] ninja: Whitelist CVE-2021-4336, wrong ninja Steve Sakoman
@ 2023-06-30 2:33 ` Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 04/10] go: fix CVE-2023-29402 & CVE-2023-29404 Steve Sakoman
` (6 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2023-06-30 2:33 UTC (permalink / raw)
To: openembedded-core
From: Ashish Sharma <asharma@mvista.com>
Upstream-Status: Backport
[https://github.com/golang/go/commit/fa60c381ed06c12f9c27a7b50ca44c5f84f7f0f4
&
https://github.com/golang/go/commit/1008486a9ff979dbd21c7466eeb6abf378f9c637]
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.14.inc | 2 +
.../go/go-1.14/CVE-2023-29405-1.patch | 112 ++++++++++++++++++
.../go/go-1.14/CVE-2023-29405-2.patch | 38 ++++++
3 files changed, 152 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29405-1.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29405-2.patch
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 2c500e8331..ed505c01b3 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -63,6 +63,8 @@ SRC_URI += "\
file://CVE-2023-24538-3.patch \
file://CVE-2023-24539.patch \
file://CVE-2023-24540.patch \
+ file://CVE-2023-29405-1.patch \
+ file://CVE-2023-29405-2.patch \
"
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-29405-1.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-29405-1.patch
new file mode 100644
index 0000000000..70d50cc08a
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-29405-1.patch
@@ -0,0 +1,112 @@
+From fa60c381ed06c12f9c27a7b50ca44c5f84f7f0f4 Mon Sep 17 00:00:00 2001
+From: Ian Lance Taylor <iant@golang.org>
+Date: Thu, 4 May 2023 14:06:39 -0700
+Subject: [PATCH] [release-branch.go1.20] cmd/go,cmd/cgo: in _cgo_flags use one
+ line per flag
+
+The flags that we recorded in _cgo_flags did not use any quoting,
+so a flag containing embedded spaces was mishandled.
+Change the _cgo_flags format to put each flag on a separate line.
+That is a simple format that does not require any quoting.
+
+As far as I can tell only cmd/go uses _cgo_flags, and it is only
+used for gccgo. If this patch doesn't cause any trouble, then
+in the next release we can change to only using _cgo_flags for gccgo.
+
+Thanks to Juho Nurminen of Mattermost for reporting this issue.
+
+Updates #60306
+Fixes #60514
+Fixes CVE-2023-29405
+
+Change-Id: I36b6e188a44c80d7b9573efa577c386770bd2ba3
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1875094
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+(cherry picked from commit bcdfcadd5612212089d958bc352a6f6c90742dcc)
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1902228
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com>
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1904345
+Reviewed-by: Michael Knyszek <mknyszek@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/501220
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Run-TryBot: David Chase <drchase@google.com>
+Auto-Submit: Michael Knyszek <mknyszek@google.com>
+---
+Upstream-Status: Backport [https://github.com/golang/go/commit/fa60c381ed06c12f9c27a7b50ca44c5f84f7f0f4]
+CVE: CVE-2023-29405
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ src/cmd/cgo/out.go | 4 +++-
+ src/cmd/go/internal/work/gccgo.go | 14 ++++++-------
+ .../go/testdata/script/gccgo_link_ldflags.txt | 20 +++++++++++++++++++
+ 3 files changed, 29 insertions(+), 9 deletions(-)
+ create mode 100644 src/cmd/go/testdata/script/gccgo_link_ldflags.txt
+
+diff --git a/src/cmd/cgo/out.go b/src/cmd/cgo/out.go
+index d26f9e76a374a..d0c6fe3d4c2c2 100644
+--- a/src/cmd/cgo/out.go
++++ b/src/cmd/cgo/out.go
+@@ -47,7 +47,9 @@ func (p *Package) writeDefs() {
+
+ fflg := creat(*objDir + "_cgo_flags")
+ for k, v := range p.CgoFlags {
+- fmt.Fprintf(fflg, "_CGO_%s=%s\n", k, strings.Join(v, " "))
++ for _, arg := range v {
++ fmt.Fprintf(fflg, "_CGO_%s=%s\n", arg)
++ }
+ if k == "LDFLAGS" && !*gccgo {
+ for _, arg := range v {
+ fmt.Fprintf(fgo2, "//go:cgo_ldflag %q\n", arg)
+diff --git a/src/cmd/go/internal/work/gccgo.go b/src/cmd/go/internal/work/gccgo.go
+index 08a4c2d8166c7..a048b7f4eecef 100644
+--- a/src/cmd/go/internal/work/gccgo.go
++++ b/src/cmd/go/internal/work/gccgo.go
+@@ -280,14 +280,12 @@ func (tools gccgoToolchain) link(b *Builder, root *Action, out, importcfg string
+ const ldflagsPrefix = "_CGO_LDFLAGS="
+ for _, line := range strings.Split(string(flags), "\n") {
+ if strings.HasPrefix(line, ldflagsPrefix) {
+- newFlags := strings.Fields(line[len(ldflagsPrefix):])
+- for _, flag := range newFlags {
+- // Every _cgo_flags file has -g and -O2 in _CGO_LDFLAGS
+- // but they don't mean anything to the linker so filter
+- // them out.
+- if flag != "-g" && !strings.HasPrefix(flag, "-O") {
+- cgoldflags = append(cgoldflags, flag)
+- }
++ flag := line[len(ldflagsPrefix):]
++ // Every _cgo_flags file has -g and -O2 in _CGO_LDFLAGS
++ // but they don't mean anything to the linker so filter
++ // them out.
++ if flag != "-g" && !strings.HasPrefix(flag, "-O") {
++ cgoldflags = append(cgoldflags, flag)
+ }
+ }
+ }
+diff --git a/src/cmd/go/testdata/script/gccgo_link_ldflags.txt b/src/cmd/go/testdata/script/gccgo_link_ldflags.txt
+new file mode 100644
+index 0000000000000..4e91ae56505b6
+--- /dev/null
++++ b/src/cmd/go/testdata/script/gccgo_link_ldflags.txt
+@@ -0,0 +1,20 @@
++# Test that #cgo LDFLAGS are properly quoted.
++# The #cgo LDFLAGS below should pass a string with spaces to -L,
++# as though searching a directory with a space in its name.
++# It should not pass --nosuchoption to the external linker.
++
++[!cgo] skip
++
++go build
++
++[!exec:gccgo] skip
++
++go build -compiler gccgo
++
++-- go.mod --
++module m
++-- cgo.go --
++package main
++// #cgo LDFLAGS: -L "./ -Wl,--nosuchoption"
++import "C"
++func main() {}
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-29405-2.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-29405-2.patch
new file mode 100644
index 0000000000..369eca581e
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-29405-2.patch
@@ -0,0 +1,38 @@
+From 1008486a9ff979dbd21c7466eeb6abf378f9c637 Mon Sep 17 00:00:00 2001
+From: Ian Lance Taylor <iant@golang.org>
+Date: Tue, 6 Jun 2023 12:51:17 -0700
+Subject: [PATCH] [release-branch.go1.20] cmd/cgo: correct _cgo_flags output
+
+For #60306
+For #60514
+
+Change-Id: I3f5d14aee7d7195030e8872e42b1d97aa11d3582
+Reviewed-on: https://go-review.googlesource.com/c/go/+/501298
+Run-TryBot: Ian Lance Taylor <iant@golang.org>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+Reviewed-by: David Chase <drchase@google.com>
+Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
+---
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/1008486a9ff979dbd21c7466eeb6abf378f9c637]
+CVE: CVE-2023-29405
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+
+ src/cmd/cgo/out.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cmd/cgo/out.go b/src/cmd/cgo/out.go
+index d0c6fe3d4c2c2..a48f52105628a 100644
+--- a/src/cmd/cgo/out.go
++++ b/src/cmd/cgo/out.go
+@@ -48,7 +48,7 @@ func (p *Package) writeDefs() {
+ fflg := creat(*objDir + "_cgo_flags")
+ for k, v := range p.CgoFlags {
+ for _, arg := range v {
+- fmt.Fprintf(fflg, "_CGO_%s=%s\n", arg)
++ fmt.Fprintf(fflg, "_CGO_%s=%s\n", k, arg)
+ }
+ if k == "LDFLAGS" && !*gccgo {
+ for _, arg := range v {
--
2.34.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [OE-core][dunfell 04/10] go: fix CVE-2023-29402 & CVE-2023-29404
2023-06-30 2:33 [OE-core][dunfell 00/10] Patch review Steve Sakoman
` (2 preceding siblings ...)
2023-06-30 2:33 ` [OE-core][dunfell 03/10] go: Backport fix CVE-2023-29405 Steve Sakoman
@ 2023-06-30 2:33 ` Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 05/10] libcap: backport Debian patches to fix CVE-2023-2602 and CVE-2023-2603 Steve Sakoman
` (5 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2023-06-30 2:33 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Backport fixes for:
* CVE-2023-29402 - Upstream-Status: Backport from https://github.com/golang/go/commit/c160b49b6d328c86bd76ca2fff9009a71347333f
* CVE-2023-29404 - Upstream-Status: Backport from https://github.com/golang/go/commit/bf3c8ce03e175e870763901a3850bca01381a828
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.14.inc | 2 +
.../go/go-1.14/CVE-2023-29402.patch | 201 ++++++++++++++++++
.../go/go-1.14/CVE-2023-29404.patch | 84 ++++++++
3 files changed, 287 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29402.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29404.patch
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index ed505c01b3..ea7b9ea80f 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -65,6 +65,8 @@ SRC_URI += "\
file://CVE-2023-24540.patch \
file://CVE-2023-29405-1.patch \
file://CVE-2023-29405-2.patch \
+ file://CVE-2023-29402.patch \
+ file://CVE-2023-29404.patch \
"
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-29402.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-29402.patch
new file mode 100644
index 0000000000..01eed9fe1b
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-29402.patch
@@ -0,0 +1,201 @@
+rom c160b49b6d328c86bd76ca2fff9009a71347333f Mon Sep 17 00:00:00 2001
+From: "Bryan C. Mills" <bcmills@google.com>
+Date: Fri, 12 May 2023 14:15:16 -0400
+Subject: [PATCH] [release-branch.go1.19] cmd/go: disallow package directories
+ containing newlines
+
+Directory or file paths containing newlines may cause tools (such as
+cmd/cgo) that emit "//line" or "#line" -directives to write part of
+the path into non-comment lines in generated source code. If those
+lines contain valid Go code, it may be injected into the resulting
+binary.
+
+(Note that Go import paths and file paths within module zip files
+already could not contain newlines.)
+
+Thanks to Juho Nurminen of Mattermost for reporting this issue.
+
+Updates #60167.
+Fixes #60515.
+Fixes CVE-2023-29402.
+
+Change-Id: If55d0400c02beb7a5da5eceac60f1abeac99f064
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1882606
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Russ Cox <rsc@google.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+(cherry picked from commit 41f9046495564fc728d6f98384ab7276450ac7e2)
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1902229
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1904343
+Reviewed-by: Michael Knyszek <mknyszek@google.com>
+Reviewed-by: Bryan Mills <bcmills@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/501218
+Run-TryBot: David Chase <drchase@google.com>
+Auto-Submit: Michael Knyszek <mknyszek@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/c160b49b6d328c86bd76ca2fff9009a71347333f]
+CVE: CVE-2023-29402
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/cmd/go/internal/load/pkg.go | 4 +
+ src/cmd/go/internal/work/exec.go | 6 ++
+ src/cmd/go/script_test.go | 1 +
+ .../go/testdata/script/build_cwd_newline.txt | 100 ++++++++++++++++++
+ 4 files changed, 111 insertions(+)
+ create mode 100644 src/cmd/go/testdata/script/build_cwd_newline.txt
+
+diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go
+index 369a79b..d2b63b0 100644
+--- a/src/cmd/go/internal/load/pkg.go
++++ b/src/cmd/go/internal/load/pkg.go
+@@ -1697,6 +1697,10 @@ func (p *Package) load(stk *ImportStack, bp *build.Package, err error) {
+ setError(ImportErrorf(p.ImportPath, "invalid import path %q", p.ImportPath))
+ return
+ }
++ if strings.ContainsAny(p.Dir, "\r\n") {
++ setError(fmt.Errorf("invalid package directory %q", p.Dir))
++ return
++ }
+
+ // Build list of imported packages and full dependency list.
+ imports := make([]*Package, 0, len(p.Imports))
+diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go
+index 9a9650b..050b785 100644
+--- a/src/cmd/go/internal/work/exec.go
++++ b/src/cmd/go/internal/work/exec.go
+@@ -458,6 +458,12 @@ func (b *Builder) build(a *Action) (err error) {
+ b.Print(a.Package.ImportPath + "\n")
+ }
+
++ if p.Error != nil {
++ // Don't try to build anything for packages with errors. There may be a
++ // problem with the inputs that makes the package unsafe to build.
++ return p.Error
++ }
++
+ if a.Package.BinaryOnly {
+ p.Stale = true
+ p.StaleReason = "binary-only packages are no longer supported"
+diff --git a/src/cmd/go/script_test.go b/src/cmd/go/script_test.go
+index ec498bb..a1398ad 100644
+--- a/src/cmd/go/script_test.go
++++ b/src/cmd/go/script_test.go
+@@ -123,6 +123,7 @@ func (ts *testScript) setup() {
+ "devnull=" + os.DevNull,
+ "goversion=" + goVersion(ts),
+ ":=" + string(os.PathListSeparator),
++ "newline=\n",
+ }
+
+ if runtime.GOOS == "plan9" {
+diff --git a/src/cmd/go/testdata/script/build_cwd_newline.txt b/src/cmd/go/testdata/script/build_cwd_newline.txt
+new file mode 100644
+index 0000000..61c6966
+--- /dev/null
++++ b/src/cmd/go/testdata/script/build_cwd_newline.txt
+@@ -0,0 +1,100 @@
++[windows] skip 'filesystem normalizes / to \'
++[plan9] skip 'filesystem disallows \n in paths'
++
++# If the directory path containing a package to be built includes a newline,
++# the go command should refuse to even try to build the package.
++
++env DIR=$WORK${/}${newline}'package main'${newline}'func main() { panic("uh-oh")'${newline}'/*'
++
++mkdir $DIR
++cd $DIR
++exec pwd
++cp $WORK/go.mod ./go.mod
++cp $WORK/main.go ./main.go
++cp $WORK/main_test.go ./main_test.go
++
++! go build -o $devnull .
++stderr 'package example: invalid package directory .*uh-oh'
++
++! go build -o $devnull main.go
++stderr 'package command-line-arguments: invalid package directory .*uh-oh'
++
++! go run .
++stderr 'package example: invalid package directory .*uh-oh'
++
++! go run main.go
++stderr 'package command-line-arguments: invalid package directory .*uh-oh'
++
++! go test .
++stderr 'package example: invalid package directory .*uh-oh'
++
++! go test -v main.go main_test.go
++stderr 'package command-line-arguments: invalid package directory .*uh-oh'
++
++
++# Since we do preserve $PWD (or set it appropriately) for commands, and we do
++# not resolve symlinks unnecessarily, referring to the contents of the unsafe
++# directory via a safe symlink should be ok, and should not inject the data from
++# the symlink target path.
++
++[!symlink] stop 'remainder of test checks symlink behavior'
++[short] stop 'links and runs binaries'
++
++symlink $WORK${/}link -> $DIR
++
++go run $WORK${/}link${/}main.go
++! stdout panic
++! stderr panic
++stderr '^ok$'
++
++go test -v $WORK${/}link${/}main.go $WORK${/}link${/}main_test.go
++! stdout panic
++! stderr panic
++stdout '^ok$' # 'go test' combines the test's stdout into stderr
++
++cd $WORK/link
++
++! go run $DIR${/}main.go
++stderr 'package command-line-arguments: invalid package directory .*uh-oh'
++
++go run .
++! stdout panic
++! stderr panic
++stderr '^ok$'
++
++go run main.go
++! stdout panic
++! stderr panic
++stderr '^ok$'
++
++go test -v
++! stdout panic
++! stderr panic
++stdout '^ok$' # 'go test' combines the test's stdout into stderr
++
++go test -v .
++! stdout panic
++! stderr panic
++stdout '^ok$' # 'go test' combines the test's stdout into stderr
++
++
++-- $WORK/go.mod --
++module example
++go 1.19
++-- $WORK/main.go --
++package main
++
++import "C"
++
++func main() {
++ /* nothing here */
++ println("ok")
++}
++-- $WORK/main_test.go --
++package main
++
++import "testing"
++
++func TestMain(*testing.M) {
++ main()
++}
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-29404.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-29404.patch
new file mode 100644
index 0000000000..61336ee9ee
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-29404.patch
@@ -0,0 +1,84 @@
+From bf3c8ce03e175e870763901a3850bca01381a828 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <bracewell@google.com>
+Date: Fri, 5 May 2023 13:10:34 -0700
+Subject: [PATCH] [release-branch.go1.19] cmd/go: enforce flags with
+ non-optional arguments
+
+Enforce that linker flags which expect arguments get them, otherwise it
+may be possible to smuggle unexpected flags through as the linker can
+consume what looks like a flag as an argument to a preceding flag (i.e.
+"-Wl,-O -Wl,-R,-bad-flag" is interpreted as "-O=-R -bad-flag"). Also be
+somewhat more restrictive in the general format of some flags.
+
+Thanks to Juho Nurminen of Mattermost for reporting this issue.
+
+Updates #60305
+Fixes #60511
+Fixes CVE-2023-29404
+
+Change-Id: Icdffef2c0f644da50261cace6f43742783931cff
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1876275
+Reviewed-by: Ian Lance Taylor <iant@google.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+(cherry picked from commit 896779503cf754cbdac24b61d4cc953b50fe2dde)
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1902225
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1904342
+Reviewed-by: Michael Knyszek <mknyszek@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/501217
+Auto-Submit: Michael Knyszek <mknyszek@google.com>
+Run-TryBot: David Chase <drchase@google.com>
+TryBot-Bypass: Michael Knyszek <mknyszek@google.com>
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/bf3c8ce03e175e870763901a3850bca01381a828]
+CVE: CVE-2023-29404
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/cmd/go/internal/work/security.go | 6 +++---
+ src/cmd/go/internal/work/security_test.go | 5 +++++
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/cmd/go/internal/work/security.go b/src/cmd/go/internal/work/security.go
+index a823b20..8acb6dc 100644
+--- a/src/cmd/go/internal/work/security.go
++++ b/src/cmd/go/internal/work/security.go
+@@ -177,17 +177,17 @@ var validLinkerFlags = []*lazyregexp.Regexp{
+ re(`-Wl,-Bdynamic`),
+ re(`-Wl,-berok`),
+ re(`-Wl,-Bstatic`),
+- re(`-WL,-O([^@,\-][^,]*)?`),
++ re(`-Wl,-O[0-9]+`),
+ re(`-Wl,-d[ny]`),
+ re(`-Wl,--disable-new-dtags`),
+- re(`-Wl,-e[=,][a-zA-Z0-9]*`),
++ re(`-Wl,-e[=,][a-zA-Z0-9]+`),
+ re(`-Wl,--enable-new-dtags`),
+ re(`-Wl,--end-group`),
+ re(`-Wl,--(no-)?export-dynamic`),
+ re(`-Wl,-framework,[^,@\-][^,]+`),
+ re(`-Wl,-headerpad_max_install_names`),
+ re(`-Wl,--no-undefined`),
+- re(`-Wl,-R([^@\-][^,@]*$)`),
++ re(`-Wl,-R,?([^@\-,][^,@]*$)`),
+ re(`-Wl,--just-symbols[=,]([^,@\-][^,@]+)`),
+ re(`-Wl,-rpath(-link)?[=,]([^,@\-][^,]+)`),
+ re(`-Wl,-s`),
+diff --git a/src/cmd/go/internal/work/security_test.go b/src/cmd/go/internal/work/security_test.go
+index bd707ff..7b0b7d3 100644
+--- a/src/cmd/go/internal/work/security_test.go
++++ b/src/cmd/go/internal/work/security_test.go
+@@ -220,6 +220,11 @@ var badLinkerFlags = [][]string{
+ {"-Wl,-R,@foo"},
+ {"-Wl,--just-symbols,@foo"},
+ {"../x.o"},
++ {"-Wl,-R,"},
++ {"-Wl,-O"},
++ {"-Wl,-e="},
++ {"-Wl,-e,"},
++ {"-Wl,-R,-flag"},
+ }
+
+ func TestCheckLinkerFlags(t *testing.T) {
+--
+2.25.1
+
--
2.34.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [OE-core][dunfell 05/10] libcap: backport Debian patches to fix CVE-2023-2602 and CVE-2023-2603
2023-06-30 2:33 [OE-core][dunfell 00/10] Patch review Steve Sakoman
` (3 preceding siblings ...)
2023-06-30 2:33 ` [OE-core][dunfell 04/10] go: fix CVE-2023-29402 & CVE-2023-29404 Steve Sakoman
@ 2023-06-30 2:33 ` Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 06/10] linux-yocto/5.4: update to v5.4.246 Steve Sakoman
` (4 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2023-06-30 2:33 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
import patches from ubuntu to fix
CVE-2023-2602
CVE-2023-2603
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libcap2/tree/debian/patches?h=ubuntu/focal-security
Upstream commit
https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=bc6b36682f188020ee4770fae1d41bde5b2c97bb
&
https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=422bec25ae4a1ab03fd4d6f728695ed279173b18]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libcap/files/CVE-2023-2602.patch | 52 +++++++++++++++++
.../libcap/files/CVE-2023-2603.patch | 58 +++++++++++++++++++
meta/recipes-support/libcap/libcap_2.32.bb | 2 +
3 files changed, 112 insertions(+)
create mode 100644 meta/recipes-support/libcap/files/CVE-2023-2602.patch
create mode 100644 meta/recipes-support/libcap/files/CVE-2023-2603.patch
diff --git a/meta/recipes-support/libcap/files/CVE-2023-2602.patch b/meta/recipes-support/libcap/files/CVE-2023-2602.patch
new file mode 100644
index 0000000000..ca04d7297a
--- /dev/null
+++ b/meta/recipes-support/libcap/files/CVE-2023-2602.patch
@@ -0,0 +1,52 @@
+Backport of:
+
+From bc6b36682f188020ee4770fae1d41bde5b2c97bb Mon Sep 17 00:00:00 2001
+From: "Andrew G. Morgan" <morgan@kernel.org>
+Date: Wed, 3 May 2023 19:18:36 -0700
+Subject: Correct the check of pthread_create()'s return value.
+
+This function returns a positive number (errno) on error, so the code
+wasn't previously freeing some memory in this situation.
+
+Discussion:
+
+ https://stackoverflow.com/a/3581020/14760867
+
+Credit for finding this bug in libpsx goes to David Gstir of
+X41 D-Sec GmbH (https://x41-dsec.de/) who performed a security
+audit of the libcap source code in April of 2023. The audit
+was sponsored by the Open Source Technology Improvement Fund
+(https://ostif.org/).
+
+Audit ref: LCAP-CR-23-01 (CVE-2023-2602)
+
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libcap2/tree/debian/patches/CVE-2023-2602.patch?h=ubuntu/focal-security
+Upstream commit https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=bc6b36682f188020ee4770fae1d41bde5b2c97bb]
+CVE: CVE-2023-2602
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ psx/psx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/libcap/psx.c
++++ b/libcap/psx.c
+@@ -272,7 +272,7 @@ int psx_pthread_create(pthread_t *thread
+
+ psx_wait_for_idle();
+ int ret = pthread_create(thread, attr, start_routine, arg);
+- if (ret != -1) {
++ if (ret == 0) {
+ psx_do_registration(*thread);
+ }
+ psx_resume_idle();
+@@ -287,7 +287,7 @@ int __wrap_pthread_create(pthread_t *thr
+ void *(*start_routine) (void *), void *arg) {
+ psx_wait_for_idle();
+ int ret = __real_pthread_create(thread, attr, start_routine, arg);
+- if (ret != -1) {
++ if (ret == 0) {
+ psx_do_registration(*thread);
+ }
+ psx_resume_idle();
diff --git a/meta/recipes-support/libcap/files/CVE-2023-2603.patch b/meta/recipes-support/libcap/files/CVE-2023-2603.patch
new file mode 100644
index 0000000000..cf86ac2a46
--- /dev/null
+++ b/meta/recipes-support/libcap/files/CVE-2023-2603.patch
@@ -0,0 +1,58 @@
+Backport of:
+
+From 422bec25ae4a1ab03fd4d6f728695ed279173b18 Mon Sep 17 00:00:00 2001
+From: "Andrew G. Morgan" <morgan@kernel.org>
+Date: Wed, 3 May 2023 19:44:22 -0700
+Subject: Large strings can confuse libcap's internal strdup code.
+
+Avoid something subtle with really long strings: 1073741823 should
+be enough for anybody. This is an improved fix over something attempted
+in libcap-2.55 to address some static analysis findings.
+
+Reviewing the library, cap_proc_root() and cap_launcher_set_chroot()
+are the only two calls where the library is potentially exposed to a
+user controlled string input.
+
+Credit for finding this bug in libcap goes to Richard Weinberger of
+X41 D-Sec GmbH (https://x41-dsec.de/) who performed a security audit
+of the libcap source code in April of 2023. The audit was sponsored
+by the Open Source Technology Improvement Fund (https://ostif.org/).
+
+Audit ref: LCAP-CR-23-02 (CVE-2023-2603)
+
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libcap2/tree/debian/patches/CVE-2023-2603.patch?h=ubuntu/focal-security
+Upstream commit https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=422bec25ae4a1ab03fd4d6f728695ed279173b18]
+CVE: CVE-2023-2603
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libcap/cap_alloc.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/libcap/cap_alloc.c
++++ b/libcap/cap_alloc.c
+@@ -76,13 +76,22 @@ cap_t cap_init(void)
+ char *_libcap_strdup(const char *old)
+ {
+ __u32 *raw_data;
++ size_t len;
+
+ if (old == NULL) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+- raw_data = malloc( sizeof(__u32) + strlen(old) + 1 );
++ len = strlen(old);
++ if ((len & 0x3fffffff) != len) {
++ _cap_debug("len is too long for libcap to manage");
++ errno = EINVAL;
++ return NULL;
++ }
++ len += sizeof(__u32) + 1;
++
++ raw_data = malloc(len);
+ if (raw_data == NULL) {
+ errno = ENOMEM;
+ return NULL;
diff --git a/meta/recipes-support/libcap/libcap_2.32.bb b/meta/recipes-support/libcap/libcap_2.32.bb
index d67babb5e9..64d5190aa7 100644
--- a/meta/recipes-support/libcap/libcap_2.32.bb
+++ b/meta/recipes-support/libcap/libcap_2.32.bb
@@ -13,6 +13,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${
file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \
file://0002-tests-do-not-run-target-executables.patch \
file://0001-tests-do-not-statically-link-a-test.patch \
+ file://CVE-2023-2602.patch \
+ file://CVE-2023-2603.patch \
"
SRC_URI[md5sum] = "7416119c9fdcfd0e8dd190a432c668e9"
SRC_URI[sha256sum] = "1005e3d227f2340ad1e3360ef8b69d15e3c72a29c09f4894d7aac038bd26e2be"
--
2.34.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [OE-core][dunfell 06/10] linux-yocto/5.4: update to v5.4.246
2023-06-30 2:33 [OE-core][dunfell 00/10] Patch review Steve Sakoman
` (4 preceding siblings ...)
2023-06-30 2:33 ` [OE-core][dunfell 05/10] libcap: backport Debian patches to fix CVE-2023-2602 and CVE-2023-2603 Steve Sakoman
@ 2023-06-30 2:33 ` Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 07/10] linux-yocto/5.4: update to v5.4.247 Steve Sakoman
` (3 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2023-06-30 2:33 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest korg -stable release that comprises
the following commits:
f568a20f058f Linux 5.4.246
6c0fc4725f6f drm/edid: fix objtool warning in drm_cvt_modes()
914bf541c3bb wifi: rtlwifi: 8192de: correct checking of IQK reload
58bc9baaef92 drm/edid: Fix uninitialized variable in drm_cvt_modes()
77e442733faa RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds
a616aa258e46 RDMA/bnxt_re: Remove set but not used variable 'dev_attr'
4ffad598bff4 scsi: dpt_i2o: Do not process completions with invalid addresses
e2897f133acd scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)
56a4a9dc5ed1 regmap: Account for register length when chunking
94f3bc7e84af test_firmware: fix the memory leak of the allocated firmware buffer
fb7dce686fd1 fbcon: Fix null-ptr-deref in soft_cursor
5ea6122caf51 ext4: add lockdep annotations for i_data_sem for ea_inode's
b06346ef5778 ext4: disallow ea_inodes with extended attributes
ec2a04f8fc9f ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
2e636c0c9344 ext4: add EA_INODE checking to ext4_iget()
d9de088797a0 tracing/probe: trace_probe_primary_from_call(): checked list_first_entry
7df474125c37 selinux: don't use make's grouped targets feature yet
b18bc3c9c2c5 tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK
ae7fb0c8bf80 mmc: vub300: fix invalid response handling
9d8f5797d791 wifi: rtlwifi: remove always-true condition pointed out by GCC 12
843f51766784 lib/dynamic_debug.c: use address-of operator on section symbols
0638dcc7e75f treewide: Remove uninitialized_var() usage
1eb88dccb827 kernel/extable.c: use address-of operator on section symbols
d069c7ce3995 eth: sun: cassini: remove dead code
d04adc383f32 gcc-12: disable '-Wdangling-pointer' warning for now
253d70232573 ACPI: thermal: drop an always true check
a010f8e64689 x86/boot: Wrap literal addresses in absolute_pointer()
f0bb5135553c flow_dissector: work around stack frame size warning
cd943425c6aa ata: libata-scsi: Use correct device no in ata_find_dev()
76c67ff783ac scsi: stex: Fix gcc 13 warnings
cd91ead608f0 misc: fastrpc: reject new invocations during device removal
bf1d0b84dfd2 misc: fastrpc: return -EPIPE to invocations on device removal
d5f183881529 usb: gadget: f_fs: Add unbind event before functionfs_unbind
ac388cbbd97c net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
e101e8160cf0 iio: dac: build ad5758 driver when AD5758 is selected
a87236446a62 iio: dac: mcp4725: Fix i2c_master_send() return value handling
c3b25245e3a8 iio: light: vcnl4035: fixed chip ID check
711049e31e09 HID: wacom: avoid integer overflow in wacom_intuos_inout()
4251ff7fd4a4 HID: google: add jewel USB id
f3b4e2a636d1 iio: adc: mxs-lradc: fix the order of two cleanup operations
030ca3f7b042 mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
11b084412055 atm: hide unused procfs functions
cea581b385ab ALSA: oss: avoid missing-prototype warnings
384fd08858da netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT
f7e62f1b7229 wifi: b43: fix incorrect __packed annotation
8a9035110288 scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
f1e6a1097141 arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
c87334f4e705 ARM: dts: stm32: add pin map for CAN controller on stm32f7
a39f24357fdc wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
353fd22693a6 media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
66a6d704c251 media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
ed47886a73db media: dvb-core: Fix use-after-free due on race condition at dvb_net
e9033a425ab2 media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
08b20cb8e5b9 media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
46e8b0fe538b media: dvb_ca_en50221: fix a size write bug
b66849f35462 media: netup_unidvb: fix irq init by register it at the end of probe
88aef84eefb3 media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
6b9a534ec5cf media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
f3c8ed7366cd media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
65033ab2f930 media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
37e36b426197 media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
64f1b8296bef media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
d16f5dc3aa09 media: dvb_demux: fix a bug for the continuity counter
a7c87057f259 ASoC: ssm2602: Add workaround for playback distortions
619f008df14e xfrm: Check if_id in inbound policy/secpath match
21ca81704611 ASoC: dwc: limit the number of overrun messages
acd5f476c16e nbd: Fix debugfs_create_dir error checking
19ce1e1f348d fbdev: stifb: Fix info entry in sti_struct on error path
aa32f2fadb4c fbdev: modedb: Add 1920x1080 at 60 Hz video mode
199f9c5430f9 media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
b950966b44f9 ARM: 9295/1: unwind:fix unwind abort for uleb128 case
a823d8e0bb02 mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
29bfbc8a63c4 watchdog: menz069_wdt: fix watchdog initialisation
0018639be2d9 mtd: rawnand: marvell: don't set the NAND frequency select
5f0043efdc24 mtd: rawnand: marvell: ensure timing values are written
6c0aacf1b4e1 net: dsa: mv88e6xxx: Increase wait after reset deactivation
94a00f1142c5 net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
dd4b5a204dfa udp6: Fix race condition in udp6_sendmsg & connect
cd4a37f0dcc9 net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
cec562fbf8c5 ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use
9e6bb63e5e66 net: sched: fix NULL pointer dereference in mq_attach
2188c0f09532 net/sched: Prohibit regrafting ingress or clsact Qdiscs
80b20d528a71 net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
321f38375517 net/sched: sch_clsact: Only create under TC_H_CLSACT
5f67d33c01b3 net/sched: sch_ingress: Only create under TC_H_INGRESS
381a703220fb tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
32e9a9ee285f tcp: deny tcp_disconnect() when threads are waiting
26e830858a2b af_packet: do not use READ_ONCE() in packet_bind()
43f1402dc2e9 mtd: rawnand: ingenic: fix empty stub helper definitions
dd3773e8c8c9 amd-xgbe: fix the false linkup in xgbe_phy_status
603eec060d14 af_packet: Fix data-races of pkt_sk(sk)->num.
bab2f42d8d8a netrom: fix info-leak in nr_write_internal()
d7aeb591b101 net/mlx5: fw_tracer, Fix event handling
c7ac3ebf41ee dmaengine: pl330: rename _start to prevent build error
17d70de57248 iommu/amd: Don't block updates to GATag if guest mode is on
fa961ad9ef91 iommu/rockchip: Fix unwind goto issue
5abb81b4d762 RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx
2bafc7f22db3 RDMA/bnxt_re: Refactor queue pair creation code
56446791bccd RDMA/bnxt_re: Enable SRIOV VF support on Broadcom's 57500 adapter series
cc5a673d85a9 RDMA/efa: Fix unsupported page sizes in device
cf0b1e5482ea Linux 5.4.245
ec14c6e0a2e5 netfilter: ctnetlink: Support offloaded conntrack entry deletion
5b7d4d91c047 ipv{4,6}/raw: fix output xfrm lookup wrt protocol
6c88024cab83 binder: fix UAF caused by faulty buffer cleanup
e6183912ee90 bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
9ba28194ea50 io_uring: have io_kill_timeout() honor the request references
6de3014d4bd8 io_uring: don't drop completion lock before timer is fully initialized
b0bfceaa8c0e io_uring: always grab lock in io_cancel_async_work()
00395fd7f9a0 cdc_ncm: Fix the build warning
672e59995e70 net/mlx5: Devcom, serialize devcom registration
f42feb29bad9 net/mlx5: devcom only supports 2 ports
67637a7ee6bd fs: fix undefined behavior in bit shift for SB_NOUSER
02281c23d069 power: supply: bq24190: Call power_supply_changed() after updating input current
f6518954c146 power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier()
db00ef8fd609 power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize
ff484163dfb6 net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
a270ca35a949 cdc_ncm: Implement the 32-bit version of NCM Transfer Block
51d0ac4577c2 Linux 5.4.244
edec0d399907 3c589_cs: Fix an error handling path in tc589_probe()
3dfc1004d9af net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
c59106f8bca1 net/mlx5: Fix error message when failing to allocate device memory
8680d838c98c forcedeth: Fix an error handling path in nv_probe()
b8db4a4e2007 ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
0099a29bc5a0 x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
c60f38c9bdcb xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
9b13972e4f23 coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
f6b610730e8f power: supply: sbs-charger: Fix INHIBITED bit for Status reg
0c5f4cec7596 power: supply: bq27xxx: Fix poll_interval handling and races on remove
dafe9136be7b power: supply: bq27xxx: Fix I2C IRQ race on remove
7b3b11964979 power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
96bfafbc7d80 power: supply: leds: Fix blink to LED on transition
011f47c8b838 ipv6: Fix out-of-bounds access in ipv6_find_tlv()
120cdad8b2ae bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
9928ce5225d6 selftests: fib_tests: mute cleanup error message
58766252f6b2 net: fix skb leak in __skb_tstamp_tx()
2b580d0f03c4 media: radio-shark: Add endpoint checks
a730feb672c7 USB: sisusbvga: Add endpoint checks
80100e0863e5 USB: core: Add routines for endpoint checks in old drivers
7e3ae83371a4 udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
9ea0c5f90a27 net: fix stack overflow when LRO is disabled for virtual interfaces
1522dc58bff8 fbdev: udlfb: Fix endpoint check
be646802b3dc debugobjects: Don't wake up kswapd from fill_pool()
4e5a7181a6c3 x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
6d091e0ddcf3 parisc: Fix flush_dcache_page() for usage from irq context
b556618baca5 selftests/memfd: Fix unknown type name build failure
04aee084a3fa x86/mm: Avoid incomplete Global INVLPG flushes
a9f5423460a6 btrfs: use nofs when cleaning up aborted transactions
4f92934d8073 gpio: mockup: Fix mode of debugfs files
da8adda57984 parisc: Allow to reboot machine after system halt
43ffe982a304 parisc: Handle kgdb breakpoints only in kernel context
f7d19a366cd2 m68k: Move signal frame following exception on 68020/030
8facb9cc168a ALSA: hda/realtek: Enable headset onLenovo M70/M90
5cc3e698c2bb ALSA: hda/ca0132: add quirk for EVGA X299 DARK
68e4c390173e mt76: mt7615: Fix build with older compilers
b558275c1b04 spi: fsl-cpm: Use 16 bit mode for large transfers with even size
d64a45c019ac spi: fsl-spi: Re-organise transfer bits_per_word adaptation
aabe8ca79139 watchdog: sp5100_tco: Immediately trigger upon starting.
aeff9e7e87c1 s390/qdio: fix do_sqbs() inline assembly constraint
ab196fe70a18 s390/qdio: get rid of register asm
a4e3c4c65ae8 vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
74e644795d37 vc_screen: rewrite vcs_size to accept vc, not inode
e9399d4ea5ee usb: gadget: u_ether: Fix host MAC address case
939cafcdf7de usb: gadget: u_ether: Convert prints to device prints
c8489e0fab18 lib/string_helpers: Introduce string_upper() and string_lower() helpers
7e15602c5073 HID: wacom: add three styli to wacom_intuos_get_tool_type
2a12339ce34f HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
b5185f1b11c7 HID: wacom: Force pen out of prox if no events have been received in a while
e0c1b35239d9 netfilter: nf_tables: hold mutex on netns pre_exit path
6236af6936dd netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag
05b4105e6852 netfilter: nf_tables: stricter validation of element data
e832e4bae556 netfilter: nf_tables: allow up to 64 bytes in the set element data area
28fe10236a64 netfilter: nf_tables: add nft_setelem_parse_key()
eb5b579bd69f netfilter: nf_tables: validate registers coming from userspace.
cfe1b9719cce netfilter: nftables: statify nft_parse_register()
7c788393d453 netfilter: nftables: add nft_parse_register_store() and use it
25336cd96b03 netfilter: nftables: add nft_parse_register_load() and use it
116d53f09ff5 nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
df89b1753eb1 powerpc/64s/radix: Fix soft dirty tracking
60b9a9c8f370 tpm/tpm_tis: Disable interrupts for more Lenovo devices
a33c172c1e34 ceph: force updating the msg pointer in non-split case
6eb9ed0ab7b5 serial: Add support for Advantech PCI-1611U card
21f107a95965 statfs: enforce statfs[64] structure initialization
1eb3e32de7b1 KVM: x86: do not report a vCPU as preempted outside instruction boundaries
a88638a95407 can: kvaser_pciefd: Disable interrupts in probe error path
4579e2556767 can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
33d5a0a4985a can: kvaser_pciefd: Clear listen-only bit if not explicitly requested
e5ac4f12074e can: kvaser_pciefd: Empty SRB buffer in probe
c0e9fb21b612 can: kvaser_pciefd: Call request_irq() before enabling interrupts
36cd7601e6b9 can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop()
e65811289346 can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag
880482525101 ALSA: hda/realtek: Add quirk for 2nd ASUS GU603
57fd0d122edd ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
739056188ad3 ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
4ef155ddf957 ALSA: hda: Fix Oops by 9.1 surround channel names
4f9c0a7c2726 usb: typec: altmodes/displayport: fix pin_assignment_show
33b6648d27b8 usb: dwc3: debugfs: Resume dwc3 before accessing registers
241491524ab0 USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
1f36dc41616b usb-storage: fix deadlock when a scsi command timeouts more than once
7cef7681aa77 USB: usbtmc: Fix direction for 0-length ioctl control messages
f662f856acec vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
53bf7cda160b igb: fix bit_shift to be in [1..8] range
e20105d967ab cassini: Fix a memory leak in the error handling path of cas_init_one()
e519a404a5bb wifi: iwlwifi: mvm: don't trust firmware n_channels
d0baaadd1c5e net: bcmgenet: Restore phy_stop() depending upon suspend/close
2cca63d5bc4e net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
435855b0831b net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
ed50fcab1435 drm/exynos: fix g2d_open/close helper function definitions
1550bcf2983a media: netup_unidvb: fix use-after-free at del_timer()
69055f99900b net: hns3: fix reset delay time to avoid configuration timeout
304e5cb77eb8 net: hns3: fix sending pfc frames after reset issue
d1bcc606870e erspan: get the proto with the md version for collect_md
f185ede016c9 ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
0eb3ec0a3553 ip6_gre: Make o_seqno start from 0 in native mode
304096241398 ip6_gre: Fix skb_under_panic in __gre6_xmit()
7525aa211758 serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
5a90309002cd vsock: avoid to close connected socket after the timeout
5009aead17f0 ALSA: firewire-digi00x: prevent potential use after free
b22b514209ff net: fec: Better handle pm_runtime_get() failing in .remove()
033297ef3bba af_key: Reject optional tunnel/BEET mode templates in outbound policies
912a6cff0db1 cpupower: Make TSC read per CPU for Mperf monitor
131eb9c9b1a0 ASoC: fsl_micfil: register platform component before registering cpu dai
a3714a47b401 btrfs: fix space cache inconsistency after error loading it from disk
596898303745 btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid
1e453cb55014 mfd: dln2: Fix memory leak in dln2_probe()
bdc33478d5d3 phy: st: miphy28lp: use _poll_timeout functions for waits
e6e917e82de4 Input: xpad - add constants for GIP interface numbers
9fcef1e37d54 iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
4461f41ece4d clk: tegra20: fix gcc-7 constant overflow warning
c23e6383d7fe RDMA/core: Fix multiple -Warray-bounds warnings
3ed95a6f6c64 recordmcount: Fix memory leaks in the uwrite function
38a118fd545b sched: Fix KCSAN noinstr violation
cbe3063a9be1 mcb-pci: Reallocate memory region to avoid memory overlapping
d5cd2928d310 serial: 8250: Reinit port->pm on port specific driver unbind
ccb12585a735 usb: typec: tcpm: fix multiple times discover svids error
c5405c767173 HID: wacom: generic: Set battery quirk only when we see battery data
d3f32dc2ccc2 spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
bf80dbd52899 HID: logitech-hidpp: Reconcile USB and Unifying serials
e28f9de2d4d7 HID: logitech-hidpp: Don't use the USB serial for USB devices
8a65476dd1ca staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
2112c4c47d36 Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
fa57021262e9 wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
0ad8dd870aa1 wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
f6f2d16c77f9 wifi: iwlwifi: pcie: fix possible NULL pointer dereference
a7ec2f424f6e samples/bpf: Fix fout leak in hbm's run_bpf_prog
4ceedc2f8bdf f2fs: fix to drop all dirty pages during umount() if cp_error is set
8659c5f4ffaa ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
cee78217a7ae ext4: set goal start correctly in ext4_mb_normalize_request
d43b1bdb1005 gfs2: Fix inode height consistency check
410e610a96c5 scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
cc2d2b3dbfb0 lib: cpu_rmap: Avoid use after free on rmap->obj array entries
89f5055f9b0b scsi: target: iscsit: Free cmds before session free
67236cf14db3 net: Catch invalid index in XPS mapping
92af9cb86ab0 net: pasemi: Fix return type of pasemi_mac_start_tx()
644a9d5e2276 scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
c4813f858e5c ext2: Check block size validity during mount
56c7e9c39bd5 wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
c409eb45f5dd ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
710e09fd116e ACPICA: Avoid undefined behavior: applying zero offset to null pointer
99c8f2e6f33a drm/tegra: Avoid potential 32-bit integer overflow
ccae2233e993 ACPI: EC: Fix oops when removing custom query handlers
48ac727ea4a3 firmware: arm_sdei: Fix sleep from invalid context BUG
a2a5d3a584bf memstick: r592: Fix UAF bug in r592_remove due to race condition
d73e8c47675e regmap: cache: Return error in cache sync operations for REGCACHE_NONE
9b72cb394f96 drm/amd/display: Use DC_LOG_DC in the trasform pixel function
a75d9211a07f fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
196528ad4844 af_unix: Fix data races around sk->sk_shutdown.
7d17bc2d4e75 af_unix: Fix a data race of sk->sk_receive_queue->qlen.
699c9e7c9f66 net: datagram: fix data-races in datagram_poll()
1aa872e967f2 ipvlan:Fix out-of-bounds caused by unclear skb->cb
4188c5269475 net: add vlan_get_protocol_and_depth() helper
57a269d82f2e net: tap: check vlan with eth_type_vlan() method
1747aa98ab13 net: annotate sk->sk_err write from do_recvmmsg()
a507022c862e netlink: annotate accesses to nlk->cb_running
b47aae7038cc netfilter: conntrack: fix possible bug_on with enable_hooks=1
d7343f8de019 net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
42e1dafa65e2 linux/dim: Do nothing if no time delta between samples
7460ac5a66fb ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
22b8ac608af5 drm/mipi-dsi: Set the fwnode for mipi_dsi_device
d4992b2b5c68 driver core: add a helper to setup both the of_node and fwnode of a device
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 01eca24a00..a604e08822 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "c705bb899d37bbd61a87a2f850e4d6f04613a908"
-SRCREV_meta ?= "c7d5b73674d53f51772862b951d8cc56683ef04f"
+SRCREV_machine ?= "5cc4655a187a2c5a1a30c6c2295fefab9c8c986d"
+SRCREV_meta ?= "e454f2ec4c69cd5afd7d13df74dd124b856e8765"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.243"
+LINUX_VERSION ?= "5.4.246"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index c3d4ff4608..0938c3d854 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.243"
+LINUX_VERSION ?= "5.4.246"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "140d4ff6bab1e5959377d4974ade490c837ef9cc"
-SRCREV_machine ?= "66990885cd865944a093b47ee7164ef2838f75a3"
-SRCREV_meta ?= "c7d5b73674d53f51772862b951d8cc56683ef04f"
+SRCREV_machine_qemuarm ?= "ffc4cd8db8b2c495a04a9f28e2da3b4c91f30711"
+SRCREV_machine ?= "9a992a65fe0346b8a7a86ffb2c491dadecada05a"
+SRCREV_meta ?= "e454f2ec4c69cd5afd7d13df74dd124b856e8765"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index c361f0c701..28ef51f883 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "3c105623bdba36118195e9c188d728edcc00345a"
-SRCREV_machine_qemuarm64 ?= "993c666984249097d093ee71eb3dffa0844fef6c"
-SRCREV_machine_qemumips ?= "2469bc35f1c2ef5ab2e85b7b705b32e33c6350c7"
-SRCREV_machine_qemuppc ?= "98229034b888ad319d7d030d279381a671c41dc0"
-SRCREV_machine_qemuriscv64 ?= "ba7e46214a9d60247170245cc09e2e1faf6622a1"
-SRCREV_machine_qemux86 ?= "ba7e46214a9d60247170245cc09e2e1faf6622a1"
-SRCREV_machine_qemux86-64 ?= "ba7e46214a9d60247170245cc09e2e1faf6622a1"
-SRCREV_machine_qemumips64 ?= "fb1936fa93be6bfd1b18cd8568cfc5b279904fa5"
-SRCREV_machine ?= "ba7e46214a9d60247170245cc09e2e1faf6622a1"
-SRCREV_meta ?= "c7d5b73674d53f51772862b951d8cc56683ef04f"
+SRCREV_machine_qemuarm ?= "0682b6432f4fb3931fc5a32938ae2957e97ad3fd"
+SRCREV_machine_qemuarm64 ?= "736062be272094d22416e228b92560302298f9fd"
+SRCREV_machine_qemumips ?= "db77f08d3d5176d1b079195beefd558a32e18b69"
+SRCREV_machine_qemuppc ?= "1dbaf2ab5019f7d114b2c309eb7539828f93f10b"
+SRCREV_machine_qemuriscv64 ?= "31ef22a71bebca6fda5592e2dec249886c29cfbb"
+SRCREV_machine_qemux86 ?= "31ef22a71bebca6fda5592e2dec249886c29cfbb"
+SRCREV_machine_qemux86-64 ?= "31ef22a71bebca6fda5592e2dec249886c29cfbb"
+SRCREV_machine_qemumips64 ?= "19c1ba85d643f819cf3e62ee57d05eec2855e97e"
+SRCREV_machine ?= "31ef22a71bebca6fda5592e2dec249886c29cfbb"
+SRCREV_meta ?= "e454f2ec4c69cd5afd7d13df74dd124b856e8765"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.243"
+LINUX_VERSION ?= "5.4.246"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [OE-core][dunfell 07/10] linux-yocto/5.4: update to v5.4.247
2023-06-30 2:33 [OE-core][dunfell 00/10] Patch review Steve Sakoman
` (5 preceding siblings ...)
2023-06-30 2:33 ` [OE-core][dunfell 06/10] linux-yocto/5.4: update to v5.4.246 Steve Sakoman
@ 2023-06-30 2:33 ` Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 08/10] linux-yocto/5.4: update to v5.4.248 Steve Sakoman
` (2 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2023-06-30 2:33 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest korg -stable release that comprises
the following commits:
61a2f83e4762 Linux 5.4.247
4b0199bc8189 Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE"
85258ae30708 mtd: spinand: macronix: Add support for MX35LFxGE4AD
8e546674031f btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
4223d91ca1b5 btrfs: check return value of btrfs_commit_transaction in relocation
a35d89d3605b rbd: get snapshot context after exclusive lock is ensured to be held
52a40eaa55d6 drm/atomic: Don't pollute crtc_state->mode_blob with error pointers
2cc5d40e4d49 cifs: handle empty list of targets in cifs_reconnect()
307ffb716282 cifs: get rid of unused parameter in reconn_setup_dfs_targets()
73ed7996bbec ext4: only check dquot_initialize_needed() when debugging
7d0a29c74a31 eeprom: at24: also select REGMAP
0360652bf6ab i2c: sprd: Delete i2c adapter in .remove's error path
c73f1c2f6816 bonding (gcc13): synchronize bond_{a,t}lb_xmit() types
ec946898039a usb: usbfs: Use consistent mmap functions
0147952d158b usb: usbfs: Enforce page requirements for mmap
090878903dd3 pinctrl: meson-axg: add missing GPIOA_18 gpio group
c6e842555050 rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
69653f941619 Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
953335a377b6 ceph: fix use-after-free bug for inodes when flushing capsnaps
2416bac0e7b2 can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
bf0245bd44c0 can: j1939: change j1939_netdev_lock type to mutex
9eed68d62e2a can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket
2fc62d51d3e4 drm/amdgpu: fix xclk freq on CHIP_STONEY
e752bb1c039f ALSA: hda/realtek: Add Lenovo P3 Tower platform
ca599db7a5e0 ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
d5ca4799e6d3 Input: psmouse - fix OOB access in Elantech protocol
282a96e3f88f Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
a3a99a069eb9 batman-adv: Broken sync while rescheduling delayed work
df7044fc099b bnxt_en: Query default VLAN before VNIC setup on a VF
a6ca81297392 lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
198da74a4e8d net: sched: fix possible refcount leak in tc_chain_tmplt_add()
8f7cbd6d5e39 net: sched: move rtm_tca_policy declaration to include file
b8b90f92444b rfs: annotate lockless accesses to RFS sock flow table
28ac3cf2ac21 rfs: annotate lockless accesses to sk->sk_rxhash
a4c72805fda4 netfilter: ipset: Add schedule point in call_ad().
0b705ed9d403 netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
c2c6133eebaf Bluetooth: L2CAP: Add missing checks for invalid DCID
0f841f80390d Bluetooth: Fix l2cap_disconnect_req deadlock
b0b1b97702a5 net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
7e0da73ce546 neighbour: fix unaligned access to pneigh_entry
314713ff4c9b neighbour: Replace zero-length array with flexible-array member
e96f52705a63 spi: qup: Request DMA before enabling clocks
1cc6435cd704 i40e: fix build warnings in i40e_alloc.h
fc75b8973de4 i40iw: fix build warning in i40iw_manage_apbvt()
c425e71826e4 block/blk-iocost (gcc13): keep large values in a new enum
ec97af8e8a36 blk-iocost: avoid 64-bit division in ioc_timer_fn
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index a604e08822..8e0f7ae217 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "5cc4655a187a2c5a1a30c6c2295fefab9c8c986d"
-SRCREV_meta ?= "e454f2ec4c69cd5afd7d13df74dd124b856e8765"
+SRCREV_machine ?= "3ec10d880e38eb58af39c33094e455da59afd42b"
+SRCREV_meta ?= "b09511ad6dbb6f38303add48d2da78906bab1380"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.246"
+LINUX_VERSION ?= "5.4.247"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 0938c3d854..6a6787a091 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.246"
+LINUX_VERSION ?= "5.4.247"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "ffc4cd8db8b2c495a04a9f28e2da3b4c91f30711"
-SRCREV_machine ?= "9a992a65fe0346b8a7a86ffb2c491dadecada05a"
-SRCREV_meta ?= "e454f2ec4c69cd5afd7d13df74dd124b856e8765"
+SRCREV_machine_qemuarm ?= "5780bc7b75d300e9b90b78c9297ff4717a78a893"
+SRCREV_machine ?= "45eaa635123abc1568c35d4abd0f31cc7c4f75a9"
+SRCREV_meta ?= "b09511ad6dbb6f38303add48d2da78906bab1380"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 28ef51f883..6c9cea6993 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "0682b6432f4fb3931fc5a32938ae2957e97ad3fd"
-SRCREV_machine_qemuarm64 ?= "736062be272094d22416e228b92560302298f9fd"
-SRCREV_machine_qemumips ?= "db77f08d3d5176d1b079195beefd558a32e18b69"
-SRCREV_machine_qemuppc ?= "1dbaf2ab5019f7d114b2c309eb7539828f93f10b"
-SRCREV_machine_qemuriscv64 ?= "31ef22a71bebca6fda5592e2dec249886c29cfbb"
-SRCREV_machine_qemux86 ?= "31ef22a71bebca6fda5592e2dec249886c29cfbb"
-SRCREV_machine_qemux86-64 ?= "31ef22a71bebca6fda5592e2dec249886c29cfbb"
-SRCREV_machine_qemumips64 ?= "19c1ba85d643f819cf3e62ee57d05eec2855e97e"
-SRCREV_machine ?= "31ef22a71bebca6fda5592e2dec249886c29cfbb"
-SRCREV_meta ?= "e454f2ec4c69cd5afd7d13df74dd124b856e8765"
+SRCREV_machine_qemuarm ?= "5f8520357626b4a63278e222fa32b322f9811f34"
+SRCREV_machine_qemuarm64 ?= "5aae64158e118c7c96b6b2db41aa0c565d733c47"
+SRCREV_machine_qemumips ?= "50721182f0802cab035f92538c9fe60fa32e27a6"
+SRCREV_machine_qemuppc ?= "032f6844ab616a7c3c96a27a9f7c19c56e4b37a5"
+SRCREV_machine_qemuriscv64 ?= "2ded7ddaca7d93e0df26c4392b713dd7b016a402"
+SRCREV_machine_qemux86 ?= "2ded7ddaca7d93e0df26c4392b713dd7b016a402"
+SRCREV_machine_qemux86-64 ?= "2ded7ddaca7d93e0df26c4392b713dd7b016a402"
+SRCREV_machine_qemumips64 ?= "77a6c71bda43b4d11767ea3946385f6a5d2d24b6"
+SRCREV_machine ?= "2ded7ddaca7d93e0df26c4392b713dd7b016a402"
+SRCREV_meta ?= "b09511ad6dbb6f38303add48d2da78906bab1380"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.246"
+LINUX_VERSION ?= "5.4.247"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [OE-core][dunfell 08/10] linux-yocto/5.4: update to v5.4.248
2023-06-30 2:33 [OE-core][dunfell 00/10] Patch review Steve Sakoman
` (6 preceding siblings ...)
2023-06-30 2:33 ` [OE-core][dunfell 07/10] linux-yocto/5.4: update to v5.4.247 Steve Sakoman
@ 2023-06-30 2:33 ` Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 09/10] linux-yocto-rt/54: fix 5.4-rt build breakage Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 10/10] linux-yocto/5.4: cfg: fix DECNET configuration warning Steve Sakoman
9 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2023-06-30 2:33 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest korg -stable release that comprises
the following commits:
f2b499c27a95 Linux 5.4.248
1cdc48aaff18 mmc: block: ensure error propagation for non-blk
de517032ee39 drm/nouveau/kms: Fix NULL pointer dereference in nouveau_connector_detect_depth
d3f7f557d8a2 neighbour: delete neigh_lookup_nodev as not used
a433b85d1750 net: Remove unused inline function dst_hold_and_use()
fbc0209ae3a7 neighbour: Remove unused inline function neigh_key_eq16()
bc1ea55bf1cf afs: Fix vlserver probe RTT handling
98acd5f0ce10 selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
1140f8bc29c2 net: tipc: resize nlattr array to correct size
b83f86ba414c net: lapbether: only support ethernet devices
ec694ad393cc net/sched: cls_api: Fix lockup on flushing explicitly created chain
0456f470fa02 drm/nouveau: add nv_encoder pointer check for NULL
b1d76d16af2a drm/nouveau/kms: Don't change EDID when it hasn't actually changed
f654b8a1325f drm/nouveau/dp: check for NULL nv_connector->native_mode
2ac7be7718a1 igb: fix nvm.ops.read() error handling
44008337f80e sctp: fix an error code in sctp_sf_eat_auth()
edd3d3dc4849 ipvlan: fix bound dev checking for IPv6 l3s mode
6718478c18a4 IB/isert: Fix incorrect release of isert connection
f8a91a024ab9 IB/isert: Fix possible list corruption in CMA handler
8a867ab71302 IB/isert: Fix dead lock in ib_isert
22125be516ef IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
ea4cf04d3f19 iavf: remove mask from iavf_irq_enable_queues()
19a500f530c2 RDMA/rxe: Fix the use-before-initialization error of resp_pkts
42ab73534583 RDMA/rxe: Removed unused name from rxe_task struct
f99b6de58b5e RDMA/rxe: Remove the unused variable obj
46305daf8064 net/sched: cls_u32: Fix reference counter leak leading to overflow
88d6c1958bc0 ping6: Fix send to link-local addresses with VRF.
474e0adf29cf netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
67cafcd3e661 spi: fsl-dspi: avoid SCK glitches with continuous transfers
8231594e21d1 spi: spi-fsl-dspi: Remove unused chip->void_write_data
9d8b388a24c6 usb: dwc3: gadget: Reset num TRBs before giving back the request
94e52fac1519 serial: lantiq: add missing interrupt ack
b577b74f8f83 USB: serial: option: add Quectel EM061KGL series
6b1203ae83c3 Remove DECnet support from kernel
aad6addc17ae ALSA: hda/realtek: Add a quirk for Compaq N14JP6
def7e17c98f7 net: usb: qmi_wwan: add support for Compal RXM-G1
74bd53737372 RDMA/uverbs: Restrict usage of privileged QKEYs
a8997ffad359 nouveau: fix client work fence deletion race
01fd784b0762 powerpc/purgatory: remove PGO flags
b16bf76b3828 kexec: support purgatories with .text.hot sections
b27a5fbe3c87 nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
0dd2d8331eb4 nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
e1fb47f13970 nios2: dts: Fix tse_mac "max-frame-size" property
5e531f448e5a ocfs2: check new file size on fallocate call
f6878da39f47 ocfs2: fix use-after-free when unmounting read-only filesystem
82173fde61c7 drm:amd:amdgpu: Fix missing buffer object unlock in failure path
63afd766211b xen/blkfront: Only check REQ_FUA for writes
27447dada0b5 mips: Move initrd_start check after initrd address sanitisation.
a365600bba27 MIPS: Alchemy: fix dbdma2
6b39b06b8d5b parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()
de873bce06a8 parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
28850d25a62c btrfs: handle memory allocation failure in btrfs_csum_one_bio
b31586747bae power: supply: Fix logic checking if system is running from battery
dd8804117d4b irqchip/meson-gpio: Mark OF related data as maybe unused
30ade27dbe66 regulator: Fix error checking for debugfs_create_dir
a12155f0b1b6 platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0
d26edc403c0a power: supply: Ratelimit no data debug output
af44b2ddfc08 ARM: dts: vexpress: add missing cache properties
bd725832eb50 power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule()
82bfd14f1359 power: supply: sc27xx: Fix external_power_changed race
66d5882dcc9f power: supply: ab8500: Fix external_power_changed race
a8f286bfbc71 s390/dasd: Use correct lock while counting channel queue length
d60be47f4357 dasd: refactor dasd_ioctl_information
7f3bb75a0484 KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
75d9e00f65cd test_firmware: fix a memory leak with reqs buffer
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 8e0f7ae217..a98a64110a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "3ec10d880e38eb58af39c33094e455da59afd42b"
-SRCREV_meta ?= "b09511ad6dbb6f38303add48d2da78906bab1380"
+SRCREV_machine ?= "8472ed342e0ac3f529c10b474b12ef0e05995778"
+SRCREV_meta ?= "5c912968f2cb938ad084d457dae99bf8eb16032d"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.247"
+LINUX_VERSION ?= "5.4.248"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 6a6787a091..46a8856963 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.247"
+LINUX_VERSION ?= "5.4.248"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "5780bc7b75d300e9b90b78c9297ff4717a78a893"
-SRCREV_machine ?= "45eaa635123abc1568c35d4abd0f31cc7c4f75a9"
-SRCREV_meta ?= "b09511ad6dbb6f38303add48d2da78906bab1380"
+SRCREV_machine_qemuarm ?= "ca5368c73bab4eb276a8e721df28c02ceb8f3eeb"
+SRCREV_machine ?= "abb579170926348d1518bc1a2de8cb1cdf403808"
+SRCREV_meta ?= "5c912968f2cb938ad084d457dae99bf8eb16032d"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 6c9cea6993..fae2de5c72 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "5f8520357626b4a63278e222fa32b322f9811f34"
-SRCREV_machine_qemuarm64 ?= "5aae64158e118c7c96b6b2db41aa0c565d733c47"
-SRCREV_machine_qemumips ?= "50721182f0802cab035f92538c9fe60fa32e27a6"
-SRCREV_machine_qemuppc ?= "032f6844ab616a7c3c96a27a9f7c19c56e4b37a5"
-SRCREV_machine_qemuriscv64 ?= "2ded7ddaca7d93e0df26c4392b713dd7b016a402"
-SRCREV_machine_qemux86 ?= "2ded7ddaca7d93e0df26c4392b713dd7b016a402"
-SRCREV_machine_qemux86-64 ?= "2ded7ddaca7d93e0df26c4392b713dd7b016a402"
-SRCREV_machine_qemumips64 ?= "77a6c71bda43b4d11767ea3946385f6a5d2d24b6"
-SRCREV_machine ?= "2ded7ddaca7d93e0df26c4392b713dd7b016a402"
-SRCREV_meta ?= "b09511ad6dbb6f38303add48d2da78906bab1380"
+SRCREV_machine_qemuarm ?= "68775a8671944b96c6a1ee795809f81149951f2d"
+SRCREV_machine_qemuarm64 ?= "54bc3d459501d8df9baf093a34d8bb676c207a07"
+SRCREV_machine_qemumips ?= "ba2d346cc66307fa6332b9fb86eb8ca66f30ebcd"
+SRCREV_machine_qemuppc ?= "6703d4c7c75fab78e0c72227a98aba8071d5b1c3"
+SRCREV_machine_qemuriscv64 ?= "d18af0e8acb7c4cb245739fa8165a44845ff2ba0"
+SRCREV_machine_qemux86 ?= "d18af0e8acb7c4cb245739fa8165a44845ff2ba0"
+SRCREV_machine_qemux86-64 ?= "d18af0e8acb7c4cb245739fa8165a44845ff2ba0"
+SRCREV_machine_qemumips64 ?= "66cac7d41a43594760f6ac48e848d73315cc5dd3"
+SRCREV_machine ?= "d18af0e8acb7c4cb245739fa8165a44845ff2ba0"
+SRCREV_meta ?= "5c912968f2cb938ad084d457dae99bf8eb16032d"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.247"
+LINUX_VERSION ?= "5.4.248"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [OE-core][dunfell 09/10] linux-yocto-rt/54: fix 5.4-rt build breakage
2023-06-30 2:33 [OE-core][dunfell 00/10] Patch review Steve Sakoman
` (7 preceding siblings ...)
2023-06-30 2:33 ` [OE-core][dunfell 08/10] linux-yocto/5.4: update to v5.4.248 Steve Sakoman
@ 2023-06-30 2:33 ` Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 10/10] linux-yocto/5.4: cfg: fix DECNET configuration warning Steve Sakoman
9 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2023-06-30 2:33 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Integrating the following commit:
commit 8d8179549a233e7517523ac12887016451da2e20
Author: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Tue Jun 27 10:13:01 2023 -0400
rt: fix 5.4-stable introduced compile errors
The 5.4 stable series brough back two elements removed
by the -rt patch:
- tick_period
- deferred/safe printk
We fix the build by dropping the use of the period and
deferred printk
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb | 4 ++--
meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index a98a64110a..541d169379 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,8 +11,8 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "8472ed342e0ac3f529c10b474b12ef0e05995778"
-SRCREV_meta ?= "5c912968f2cb938ad084d457dae99bf8eb16032d"
+SRCREV_machine ?= "8d8179549a233e7517523ac12887016451da2e20"
+SRCREV_meta ?= "b6e41788aebaf8058d1f15f6cdcf55a6edb77755"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 46a8856963..171ff8493c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
SRCREV_machine_qemuarm ?= "ca5368c73bab4eb276a8e721df28c02ceb8f3eeb"
SRCREV_machine ?= "abb579170926348d1518bc1a2de8cb1cdf403808"
-SRCREV_meta ?= "5c912968f2cb938ad084d457dae99bf8eb16032d"
+SRCREV_meta ?= "b6e41788aebaf8058d1f15f6cdcf55a6edb77755"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index fae2de5c72..527728d9d0 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -21,7 +21,7 @@ SRCREV_machine_qemux86 ?= "d18af0e8acb7c4cb245739fa8165a44845ff2ba0"
SRCREV_machine_qemux86-64 ?= "d18af0e8acb7c4cb245739fa8165a44845ff2ba0"
SRCREV_machine_qemumips64 ?= "66cac7d41a43594760f6ac48e848d73315cc5dd3"
SRCREV_machine ?= "d18af0e8acb7c4cb245739fa8165a44845ff2ba0"
-SRCREV_meta ?= "5c912968f2cb938ad084d457dae99bf8eb16032d"
+SRCREV_meta ?= "b6e41788aebaf8058d1f15f6cdcf55a6edb77755"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
--
2.34.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [OE-core][dunfell 10/10] linux-yocto/5.4: cfg: fix DECNET configuration warning
2023-06-30 2:33 [OE-core][dunfell 00/10] Patch review Steve Sakoman
` (8 preceding siblings ...)
2023-06-30 2:33 ` [OE-core][dunfell 09/10] linux-yocto-rt/54: fix 5.4-rt build breakage Steve Sakoman
@ 2023-06-30 2:33 ` Steve Sakoman
9 siblings, 0 replies; 11+ messages in thread
From: Steve Sakoman @ 2023-06-30 2:33 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Dropping CONFIG_DECNET as it has been removed from -stable
and we now get a configuration warning.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 541d169379..d775a60e9f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -12,7 +12,7 @@ python () {
}
SRCREV_machine ?= "8d8179549a233e7517523ac12887016451da2e20"
-SRCREV_meta ?= "b6e41788aebaf8058d1f15f6cdcf55a6edb77755"
+SRCREV_meta ?= "465d61ba36f5c7e32d1fddef078d5d2068fcc2cc"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 171ff8493c..5e2b2ab6cf 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
SRCREV_machine_qemuarm ?= "ca5368c73bab4eb276a8e721df28c02ceb8f3eeb"
SRCREV_machine ?= "abb579170926348d1518bc1a2de8cb1cdf403808"
-SRCREV_meta ?= "b6e41788aebaf8058d1f15f6cdcf55a6edb77755"
+SRCREV_meta ?= "465d61ba36f5c7e32d1fddef078d5d2068fcc2cc"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 527728d9d0..336e72eede 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -21,7 +21,7 @@ SRCREV_machine_qemux86 ?= "d18af0e8acb7c4cb245739fa8165a44845ff2ba0"
SRCREV_machine_qemux86-64 ?= "d18af0e8acb7c4cb245739fa8165a44845ff2ba0"
SRCREV_machine_qemumips64 ?= "66cac7d41a43594760f6ac48e848d73315cc5dd3"
SRCREV_machine ?= "d18af0e8acb7c4cb245739fa8165a44845ff2ba0"
-SRCREV_meta ?= "b6e41788aebaf8058d1f15f6cdcf55a6edb77755"
+SRCREV_meta ?= "465d61ba36f5c7e32d1fddef078d5d2068fcc2cc"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
--
2.34.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
end of thread, other threads:[~2023-06-30 2:33 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-06-30 2:33 [OE-core][dunfell 00/10] Patch review Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 01/10] libjpeg-turbo: CVE-2020-35538 Null pointer dereference in jcopy_sample_rows() function Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 02/10] ninja: Whitelist CVE-2021-4336, wrong ninja Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 03/10] go: Backport fix CVE-2023-29405 Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 04/10] go: fix CVE-2023-29402 & CVE-2023-29404 Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 05/10] libcap: backport Debian patches to fix CVE-2023-2602 and CVE-2023-2603 Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 06/10] linux-yocto/5.4: update to v5.4.246 Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 07/10] linux-yocto/5.4: update to v5.4.247 Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 08/10] linux-yocto/5.4: update to v5.4.248 Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 09/10] linux-yocto-rt/54: fix 5.4-rt build breakage Steve Sakoman
2023-06-30 2:33 ` [OE-core][dunfell 10/10] linux-yocto/5.4: cfg: fix DECNET configuration warning Steve Sakoman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.