* [honister][PATCH 00/22] Patch review
@ 2022-04-05 14:41 Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 01/22] conf/machine: fix QEMU x86 sound options Anuj Mittal
` (21 more replies)
0 siblings, 22 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
Next set of changes to be merged in honister. Please review.
No issues seen while testing:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3476
Thanks,
Anuj
The following changes since commit ebca8f3ac9372b7ebb3d39e8f7f930b63b481448:
build-appliance-image: Update to honister head revision (2022-03-24 11:05:30 +0000)
are available in the Git repository at:
git://push.openembedded.org/openembedded-core-contrib anujm/honister
Bruce Ashfield (5):
linux-yocto: nohz_full boot arg fix
linux-yocto/5.10: split vtpm for more granular inclusion
linux-yocto/5.10: cfg/debug: add configs for kcsan
linux-yocto-rt/5.10: update to -rt61
linux-yocto/5.10: update to v5.10.107
Chee Yang Lee (1):
webkitgtk: update to 2.32.4
Joe Slater (1):
libxml2: fix CVE-2022-23308 regression
Michael Opdenacker (1):
conf/machine: fix QEMU x86 sound options
Minjae Kim (2):
gnu-config: update SRC_URI
virglrenderer: update SRC_URI
Peter Kjellerstedt (1):
oe-pkgdata-util: Adapt to the new variable override syntax
Ralph Siemsen (2):
libxml2: move to gitlab.gnome.org
libxml2: update to 2.9.13
Richard Purdie (3):
toaster: Fix broken overrides usage
pseudo: Add patch to workaround paths with crazy lengths
sanity: Add warning for local hasheqiv server with remote sstate
mirrors
Ross Burton (5):
devupstream: fix handling of SRC_URI
tiff: backport CVE fixes:
grub: ignore CVE-2021-46705
oeqa/selftest/devtool: ensure Git username is set before upgrade tests
zlib: backport the fix for CVE-2018-25032
wangmy (1):
linux-firmware: upgrade 20220209 -> 20220310
meta/classes/devupstream.bbclass | 5 +-
meta/classes/qemuboot.bbclass | 2 +-
meta/classes/sanity.bbclass | 5 +
meta/classes/toaster.bbclass | 6 +-
.../conf/machine/include/x86/qemuboot-x86.inc | 2 +-
meta/lib/oeqa/selftest/cases/devtool.py | 8 +
meta/recipes-bsp/grub/grub2.inc | 2 +
.../0002-Work-around-lxml-API-abuse.patch | 213 -----------
.../CVE-2022-23308-fix-regression.patch | 99 +++++
.../libxml2/libxml-m4-use-pkgconfig.patch | 16 +-
.../{libxml2_2.9.12.bb => libxml2_2.9.13.bb} | 15 +-
.../zlib/zlib/CVE-2018-25032.patch | 347 ++++++++++++++++++
meta/recipes-core/zlib/zlib_1.2.11.bb | 1 +
.../gnu-config/gnu-config_git.bb | 2 +-
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
.../virglrenderer/virglrenderer_0.9.1.bb | 2 +-
...20220209.bb => linux-firmware_20220310.bb} | 6 +-
.../linux/linux-yocto-rt_5.10.bb | 6 +-
.../linux/linux-yocto-tiny_5.10.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +-
...rash-when-reading-a-file-with-multip.patch | 38 ++
...ue-380-and-382-heap-buffer-overflow-.patch | 218 +++++++++++
...-for-return-value-of-limitMalloc-392.patch | 93 +++++
...ag-avoid-calling-memcpy-with-a-null-.patch | 33 ++
.../0005-fix-the-FPE-in-tiffcrop-393.patch | 36 ++
...x-heap-buffer-overflow-in-tiffcp-278.patch | 57 +++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 9 +-
...1-Enable-THREADS_PREFER_PTHREAD_FLAG.patch | 2 +-
...ebkitgtk_2.32.3.bb => webkitgtk_2.32.4.bb} | 2 +-
scripts/oe-pkgdata-util | 2 +-
30 files changed, 996 insertions(+), 265 deletions(-)
delete mode 100644 meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
rename meta/recipes-core/libxml/{libxml2_2.9.12.bb => libxml2_2.9.13.bb} (92%)
create mode 100644 meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220209.bb => linux-firmware_20220310.bb} (99%)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch
rename meta/recipes-sato/webkit/{webkitgtk_2.32.3.bb => webkitgtk_2.32.4.bb} (98%)
--
2.35.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [honister][PATCH 01/22] conf/machine: fix QEMU x86 sound options
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 02/22] oe-pkgdata-util: Adapt to the new variable override syntax Anuj Mittal
` (20 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Michael Opdenacker <michael.opdenacker@bootlin.com>
This updates the QEMU sounds options for x86 emulation,
when "runqemu" is called with the "audio" argument,
to fix the below error:
runqemu - ERROR - Failed to run qemu: qemu-system-x86_64: warning: '-soundhw ac97' is deprecated, please use '-device AC97' instead
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b802a5dd1a79c7be3bc790223a733ebc9be4f117)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/classes/qemuboot.bbclass | 2 +-
meta/conf/machine/include/x86/qemuboot-x86.inc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/classes/qemuboot.bbclass b/meta/classes/qemuboot.bbclass
index 5e7e7c0659..2bde12748d 100644
--- a/meta/classes/qemuboot.bbclass
+++ b/meta/classes/qemuboot.bbclass
@@ -29,7 +29,7 @@
#
# QB_AUDIO_DRV: qemu audio driver, e.g., "alsa", set it when support audio
#
-# QB_AUDIO_OPT: qemu audio option, e.g., "-soundhw ac97,es1370", used
+# QB_AUDIO_OPT: qemu audio option, e.g., "-device AC97", used
# when QB_AUDIO_DRV is set.
#
# QB_RNG: Pass-through for host random number generator, it can speedup boot
diff --git a/meta/conf/machine/include/x86/qemuboot-x86.inc b/meta/conf/machine/include/x86/qemuboot-x86.inc
index d3b91070a8..b7b6428e44 100644
--- a/meta/conf/machine/include/x86/qemuboot-x86.inc
+++ b/meta/conf/machine/include/x86/qemuboot-x86.inc
@@ -8,7 +8,7 @@ QB_CPU:x86-64 = "-cpu IvyBridge -machine q35"
QB_CPU_KVM:x86-64 = "-cpu IvyBridge -machine q35"
QB_AUDIO_DRV = "alsa"
-QB_AUDIO_OPT = "-soundhw ac97,es1370"
+QB_AUDIO_OPT = "-device AC97"
QB_KERNEL_CMDLINE_APPEND = "oprofile.timer=1 tsc=reliable no_timer_check rcupdate.rcu_expedited=1"
QB_OPT_APPEND = "-usb -device usb-tablet"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 02/22] oe-pkgdata-util: Adapt to the new variable override syntax
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 01/22] conf/machine: fix QEMU x86 sound options Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 03/22] linux-firmware: upgrade 20220209 -> 20220310 Anuj Mittal
` (19 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2bf6a0ca9fdf639418646700b20b65c9960efdbe)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
scripts/oe-pkgdata-util | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/oe-pkgdata-util b/scripts/oe-pkgdata-util
index 71656dadce..7412cc1f47 100755
--- a/scripts/oe-pkgdata-util
+++ b/scripts/oe-pkgdata-util
@@ -296,7 +296,7 @@ def package_info(args):
extra = ''
for line in f:
for var in vars:
- m = re.match(var + '(?:_\S+)?:\s*(.+?)\s*$', line)
+ m = re.match(var + '(?::\S+)?:\s*(.+?)\s*$', line)
if m:
vals[var] = m.group(1)
pkg_version = vals['PKGV'] or ''
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 03/22] linux-firmware: upgrade 20220209 -> 20220310
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 01/22] conf/machine: fix QEMU x86 sound options Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 02/22] oe-pkgdata-util: Adapt to the new variable override syntax Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 04/22] devupstream: fix handling of SRC_URI Anuj Mittal
` (18 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: wangmy <wangmy@fujitsu.com>
License-Update:
year updated to 2022
Version of some driver files updated
Added files for some drivers
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit be1b1d204c89035c54a626db46c5054e553b82c2)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
...inux-firmware_20220209.bb => linux-firmware_20220310.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220209.bb => linux-firmware_20220310.bb} (99%)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220209.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220310.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20220209.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20220310.bb
index fe51892eb4..fa0f906db0 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220209.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220310.bb
@@ -72,7 +72,7 @@ LICENSE = "\
LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
- file://LICENSE.amdgpu;md5=d357524f5099e2a3db3c1838921c593f \
+ file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \
file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \
file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
@@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
- file://WHENCE;md5=ed3d7426e4df06fbadcca24ebf00cc5f \
+ file://WHENCE;md5=45a9c4a92d152e9495db81e1192f2bdc \
"
# These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -205,7 +205,7 @@ PE = "1"
SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "e2e46fa618414952bbf2f6920cd3abcddbef45bfb7d1352994b4bfc35394d177"
+SRC_URI[sha256sum] = "5938ee717b2023b48f6bfcf344b40ddc947e3e22c0bc36d4c3418f90fea68182"
inherit allarch
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 04/22] devupstream: fix handling of SRC_URI
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (2 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 03/22] linux-firmware: upgrade 20220209 -> 20220310 Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 05/22] toaster: Fix broken overrides usage Anuj Mittal
` (17 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross@burtonini.com>
As the class handler runs before overrides are actually applied we need
to check both SRC_URI:class-devupstream and SRC_URI, otherwise the
automatic assignment of S="${WORKDIR}/git" for git repositories does
not work if the base recipe uses http: but :class-devupstream has a git://
entry instead.
Also, there's no need to set S:class-devupstream, we can just assign to
S here.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d0edb03088d0d1c20c899daed1bb3a7110b19670)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/classes/devupstream.bbclass | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/meta/classes/devupstream.bbclass b/meta/classes/devupstream.bbclass
index facc46f3af..ba6dc4136c 100644
--- a/meta/classes/devupstream.bbclass
+++ b/meta/classes/devupstream.bbclass
@@ -30,10 +30,11 @@ python devupstream_virtclass_handler () {
# Develpment releases are never preferred by default
d.setVar("DEFAULT_PREFERENCE", "-1")
- uri = bb.fetch2.URI(d.getVar("SRC_URI").split()[0])
+ src_uri = d.getVar("SRC_URI:class-devupstream") or d.getVar("SRC_URI")
+ uri = bb.fetch2.URI(src_uri.split()[0])
if uri.scheme == "git" and not d.getVar("S:class-devupstream"):
- d.setVar("S:class-devupstream", "${WORKDIR}/git")
+ d.setVar("S", "${WORKDIR}/git")
# Modify the PV if the recipe hasn't already overridden it
pv = d.getVar("PV")
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 05/22] toaster: Fix broken overrides usage
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (3 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 04/22] devupstream: fix handling of SRC_URI Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 06/22] pseudo: Add patch to workaround paths with crazy lengths Anuj Mittal
` (16 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
This fixes data corruption issues with toaster where image data wasn't
being processed correct.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 95cc2d041ad651cfb81b2e55251acf1b86f9ddfc)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/classes/toaster.bbclass | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/classes/toaster.bbclass b/meta/classes/toaster.bbclass
index dd5c7f224b..f365c09142 100644
--- a/meta/classes/toaster.bbclass
+++ b/meta/classes/toaster.bbclass
@@ -101,11 +101,11 @@ def _toaster_load_pkgdatafile(dirpath, filepath):
for line in fin:
try:
kn, kv = line.strip().split(": ", 1)
- m = re.match(r"^PKG_([^A-Z:]*)", kn)
+ m = re.match(r"^PKG:([^A-Z:]*)", kn)
if m:
pkgdata['OPKGN'] = m.group(1)
- kn = "_".join([x for x in kn.split("_") if x.isupper()])
- pkgdata[kn] = kv.strip()
+ kn = kn.split(":")[0]
+ pkgdata[kn] = kv
if kn.startswith('FILES_INFO'):
pkgdata[kn] = json.loads(kv)
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 06/22] pseudo: Add patch to workaround paths with crazy lengths
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (4 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 05/22] toaster: Fix broken overrides usage Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 07/22] tiff: backport CVE fixes: Anuj Mittal
` (15 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Update to a version of pseudo which includes a workaround for crazy
long paths, as shown by the libfm failures from the libtool upgrade.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 67dfa32d82b8862e6e543c37315f211aba3ec28b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index f9e3b46910..d20136aef9 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -13,7 +13,7 @@ SRC_URI:append:class-nativesdk = " \
file://older-glibc-symbols.patch"
SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
-SRCREV = "d34f2f6cedccf8488730001bcbde6bb7499f8814"
+SRCREV = "df1d1321fb093283485c387e3c933d2d264e509c"
S = "${WORKDIR}/git"
PV = "1.9.0+git${SRCPV}"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 07/22] tiff: backport CVE fixes:
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (5 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 06/22] pseudo: Add patch to workaround paths with crazy lengths Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 08/22] linux-yocto: nohz_full boot arg fix Anuj Mittal
` (14 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross@burtonini.com>
Backport fixes for the following CVEs:
- CVE-2022-0865
- CVE-2022-0891
- CVE-2022-0907
- CVE-2022-0908
- CVE-2022-0909
- CVE-2022-0924
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2fe35de73cfa8de444d7ffb24246e8f87c36ee8d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
...rash-when-reading-a-file-with-multip.patch | 38 +++
...ue-380-and-382-heap-buffer-overflow-.patch | 218 ++++++++++++++++++
...-for-return-value-of-limitMalloc-392.patch | 93 ++++++++
...ag-avoid-calling-memcpy-with-a-null-.patch | 33 +++
.../0005-fix-the-FPE-in-tiffcrop-393.patch | 36 +++
...x-heap-buffer-overflow-in-tiffcp-278.patch | 57 +++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 9 +-
7 files changed, 483 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch
new file mode 100644
index 0000000000..f1a4ab4251
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch
@@ -0,0 +1,38 @@
+CVE: CVE-2022-0865
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 88da11ae3c4db527cb870fb1017456cc8fbac2e7 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Thu, 24 Feb 2022 22:26:02 +0100
+Subject: [PATCH 1/6] tif_jbig.c: fix crash when reading a file with multiple
+ IFD in memory-mapped mode and when bit reversal is needed (fixes #385)
+
+---
+ libtiff/tif_jbig.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
+index 74086338..8bfa4cef 100644
+--- a/libtiff/tif_jbig.c
++++ b/libtiff/tif_jbig.c
+@@ -209,6 +209,16 @@ int TIFFInitJBIG(TIFF* tif, int scheme)
+ */
+ tif->tif_flags |= TIFF_NOBITREV;
+ tif->tif_flags &= ~TIFF_MAPPED;
++ /* We may have read from a previous IFD and thus set TIFF_BUFFERMMAP and
++ * cleared TIFF_MYBUFFER. It is necessary to restore them to their initial
++ * value to be consistent with the state of a non-memory mapped file.
++ */
++ if (tif->tif_flags&TIFF_BUFFERMMAP) {
++ tif->tif_rawdata = NULL;
++ tif->tif_rawdatasize = 0;
++ tif->tif_flags &= ~TIFF_BUFFERMMAP;
++ tif->tif_flags |= TIFF_MYBUFFER;
++ }
+
+ /* Setup the function pointers for encode, decode, and cleanup. */
+ tif->tif_setupdecode = JBIGSetupDecode;
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch b/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
new file mode 100644
index 0000000000..d31e9650d1
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
@@ -0,0 +1,218 @@
+CVE: CVE-2022-0891
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From e46b49e60fddb2e924302fb1751f79eb9cfb2253 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Tue, 8 Mar 2022 17:02:44 +0000
+Subject: [PATCH 2/6] tiffcrop: fix issue #380 and #382 heap buffer overflow in
+ extractImageSection
+
+---
+ tools/tiffcrop.c | 92 +++++++++++++++++++-----------------------------
+ 1 file changed, 36 insertions(+), 56 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index b85c2ce7..302a7e91 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -105,8 +105,8 @@
+ * of messages to monitor progress without enabling dump logs.
+ */
+
+-static char tiffcrop_version_id[] = "2.4";
+-static char tiffcrop_rev_date[] = "12-13-2010";
++static char tiffcrop_version_id[] = "2.4.1";
++static char tiffcrop_rev_date[] = "03-03-2010";
+
+ #include "tif_config.h"
+ #include "libport.h"
+@@ -6710,10 +6710,10 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #ifdef DEVELMODE
+ uint32_t img_length;
+ #endif
+- uint32_t j, shift1, shift2, trailing_bits;
++ uint32_t j, shift1, trailing_bits;
+ uint32_t row, first_row, last_row, first_col, last_col;
+ uint32_t src_offset, dst_offset, row_offset, col_offset;
+- uint32_t offset1, offset2, full_bytes;
++ uint32_t offset1, full_bytes;
+ uint32_t sect_width;
+ #ifdef DEVELMODE
+ uint32_t sect_length;
+@@ -6723,7 +6723,6 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #ifdef DEVELMODE
+ int k;
+ unsigned char bitset;
+- static char *bitarray = NULL;
+ #endif
+
+ img_width = image->width;
+@@ -6741,17 +6740,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ dst_offset = 0;
+
+ #ifdef DEVELMODE
+- if (bitarray == NULL)
+- {
+- if ((bitarray = (char *)malloc(img_width)) == NULL)
+- {
+- TIFFError ("", "DEBUG: Unable to allocate debugging bitarray");
+- return (-1);
+- }
+- }
++ char bitarray[39];
+ #endif
+
+- /* rows, columns, width, length are expressed in pixels */
++ /* rows, columns, width, length are expressed in pixels
++ * first_row, last_row, .. are index into image array starting at 0 to width-1,
++ * last_col shall be also extracted. */
+ first_row = section->y1;
+ last_row = section->y2;
+ first_col = section->x1;
+@@ -6761,9 +6755,14 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #ifdef DEVELMODE
+ sect_length = last_row - first_row + 1;
+ #endif
+- img_rowsize = ((img_width * bps + 7) / 8) * spp;
+- full_bytes = (sect_width * spp * bps) / 8; /* number of COMPLETE bytes per row in section */
+- trailing_bits = (sect_width * bps) % 8;
++ /* The read function loadImage() used copy separate plane data into a buffer as interleaved
++ * samples rather than separate planes so the same logic works to extract regions
++ * regardless of the way the data are organized in the input file.
++ * Furthermore, bytes and bits are arranged in buffer according to COMPRESSION=1 and FILLORDER=1
++ */
++ img_rowsize = (((img_width * spp * bps) + 7) / 8); /* row size in full bytes of source image */
++ full_bytes = (sect_width * spp * bps) / 8; /* number of COMPLETE bytes per row in section */
++ trailing_bits = (sect_width * spp * bps) % 8; /* trailing bits within the last byte of destination buffer */
+
+ #ifdef DEVELMODE
+ TIFFError ("", "First row: %"PRIu32", last row: %"PRIu32", First col: %"PRIu32", last col: %"PRIu32"\n",
+@@ -6776,10 +6775,9 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+
+ if ((bps % 8) == 0)
+ {
+- col_offset = first_col * spp * bps / 8;
++ col_offset = (first_col * spp * bps) / 8;
+ for (row = first_row; row <= last_row; row++)
+ {
+- /* row_offset = row * img_width * spp * bps / 8; */
+ row_offset = row * img_rowsize;
+ src_offset = row_offset + col_offset;
+
+@@ -6792,14 +6790,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ }
+ else
+ { /* bps != 8 */
+- shift1 = spp * ((first_col * bps) % 8);
+- shift2 = spp * ((last_col * bps) % 8);
++ shift1 = ((first_col * spp * bps) % 8); /* shift1 = bits to skip in the first byte of source buffer*/
+ for (row = first_row; row <= last_row; row++)
+ {
+ /* pull out the first byte */
+ row_offset = row * img_rowsize;
+- offset1 = row_offset + (first_col * bps / 8);
+- offset2 = row_offset + (last_col * bps / 8);
++ offset1 = row_offset + ((first_col * spp * bps) / 8); /* offset1 = offset into source of byte with first bits to be extracted */
+
+ #ifdef DEVELMODE
+ for (j = 0, k = 7; j < 8; j++, k--)
+@@ -6811,12 +6807,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ sprintf(&bitarray[9], " ");
+ for (j = 10, k = 7; j < 18; j++, k--)
+ {
+- bitset = *(src_buff + offset2) & (((unsigned char)1 << k)) ? 1 : 0;
++ bitset = *(src_buff + offset1 + full_bytes) & (((unsigned char)1 << k)) ? 1 : 0;
+ sprintf(&bitarray[j], (bitset) ? "1" : "0");
+ }
+ bitarray[18] = '\0';
+- TIFFError ("", "Row: %3d Offset1: %"PRIu32", Shift1: %"PRIu32", Offset2: %"PRIu32", Shift2: %"PRIu32"\n",
+- row, offset1, shift1, offset2, shift2);
++ TIFFError ("", "Row: %3d Offset1: %"PRIu32", Shift1: %"PRIu32", Offset2: %"PRIu32", Trailing_bits: %"PRIu32"\n",
++ row, offset1, shift1, offset1+full_bytes, trailing_bits);
+ #endif
+
+ bytebuff1 = bytebuff2 = 0;
+@@ -6840,11 +6836,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+
+ if (trailing_bits != 0)
+ {
+- bytebuff2 = src_buff[offset2] & ((unsigned char)255 << (7 - shift2));
++ /* Only copy higher bits of samples and mask lower bits of not wanted column samples to zero */
++ bytebuff2 = src_buff[offset1 + full_bytes] & ((unsigned char)255 << (8 - trailing_bits));
+ sect_buff[dst_offset] = bytebuff2;
+ #ifdef DEVELMODE
+ TIFFError ("", " Trailing bits src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n",
+- offset2, dst_offset);
++ offset1 + full_bytes, dst_offset);
+ for (j = 30, k = 7; j < 38; j++, k--)
+ {
+ bitset = *(sect_buff + dst_offset) & (((unsigned char)1 << k)) ? 1 : 0;
+@@ -6863,8 +6860,10 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #endif
+ for (j = 0; j <= full_bytes; j++)
+ {
+- bytebuff1 = src_buff[offset1 + j] & ((unsigned char)255 >> shift1);
+- bytebuff2 = src_buff[offset1 + j + 1] & ((unsigned char)255 << (7 - shift1));
++ /* Skip the first shift1 bits and shift the source up by shift1 bits before save to destination.*/
++ /* Attention: src_buff size needs to be some bytes larger than image size, because could read behind image here. */
++ bytebuff1 = src_buff[offset1 + j] & ((unsigned char)255 >> shift1);
++ bytebuff2 = src_buff[offset1 + j + 1] & ((unsigned char)255 << (8 - shift1));
+ sect_buff[dst_offset + j] = (bytebuff1 << shift1) | (bytebuff2 >> (8 - shift1));
+ }
+ #ifdef DEVELMODE
+@@ -6880,36 +6879,17 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #endif
+ dst_offset += full_bytes;
+
++ /* Copy the trailing_bits for the last byte in the destination buffer.
++ Could come from one ore two bytes of the source buffer. */
+ if (trailing_bits != 0)
+ {
+ #ifdef DEVELMODE
+- TIFFError ("", " Trailing bits src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", offset1 + full_bytes, dst_offset);
+-#endif
+- if (shift2 > shift1)
+- {
+- bytebuff1 = src_buff[offset1 + full_bytes] & ((unsigned char)255 << (7 - shift2));
+- bytebuff2 = bytebuff1 & ((unsigned char)255 << shift1);
+- sect_buff[dst_offset] = bytebuff2;
+-#ifdef DEVELMODE
+- TIFFError ("", " Shift2 > Shift1\n");
++ TIFFError("", " Trailing bits %4"PRIu32" src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", trailing_bits, offset1 + full_bytes, dst_offset);
+ #endif
++ /* More than necessary bits are already copied into last destination buffer,
++ * only masking of last byte in destination buffer is necessary.*/
++ sect_buff[dst_offset] &= ((uint8_t)0xFF << (8 - trailing_bits));
+ }
+- else
+- {
+- if (shift2 < shift1)
+- {
+- bytebuff2 = ((unsigned char)255 << (shift1 - shift2 - 1));
+- sect_buff[dst_offset] &= bytebuff2;
+-#ifdef DEVELMODE
+- TIFFError ("", " Shift2 < Shift1\n");
+-#endif
+- }
+-#ifdef DEVELMODE
+- else
+- TIFFError ("", " Shift2 == Shift1\n");
+-#endif
+- }
+- }
+ #ifdef DEVELMODE
+ sprintf(&bitarray[28], " ");
+ sprintf(&bitarray[29], " ");
+@@ -7062,7 +7042,7 @@ writeImageSections(TIFF *in, TIFF *out, struct image_data *image,
+ width = sections[i].x2 - sections[i].x1 + 1;
+ length = sections[i].y2 - sections[i].y1 + 1;
+ sectsize = (uint32_t)
+- ceil((width * image->bps + 7) / (double)8) * image->spp * length;
++ ceil((width * image->bps * image->spp + 7) / (double)8) * length;
+ /* allocate a buffer if we don't have one already */
+ if (createImageSection(sectsize, sect_buff_ptr))
+ {
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch b/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch
new file mode 100644
index 0000000000..a0b856b9e1
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch
@@ -0,0 +1,93 @@
+CVE: CVE-2022-0907
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From a139191cc86f4dc44c74a0f22928e0fb38ed2485 Mon Sep 17 00:00:00 2001
+From: Augustus <wangdw.augustus@qq.com>
+Date: Mon, 7 Mar 2022 18:21:49 +0800
+Subject: [PATCH 3/6] add checks for return value of limitMalloc (#392)
+
+---
+ tools/tiffcrop.c | 33 +++++++++++++++++++++------------
+ 1 file changed, 21 insertions(+), 12 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 302a7e91..e407bf51 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -7357,7 +7357,11 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
+ if (!sect_buff)
+ {
+ sect_buff = (unsigned char *)limitMalloc(sectsize);
+- *sect_buff_ptr = sect_buff;
++ if (!sect_buff)
++ {
++ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
++ return (-1);
++ }
+ _TIFFmemset(sect_buff, 0, sectsize);
+ }
+ else
+@@ -7373,15 +7377,15 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
+ else
+ sect_buff = new_buff;
+
++ if (!sect_buff)
++ {
++ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
++ return (-1);
++ }
+ _TIFFmemset(sect_buff, 0, sectsize);
+ }
+ }
+
+- if (!sect_buff)
+- {
+- TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
+- return (-1);
+- }
+ prev_sectsize = sectsize;
+ *sect_buff_ptr = sect_buff;
+
+@@ -7648,7 +7652,11 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ if (!crop_buff)
+ {
+ crop_buff = (unsigned char *)limitMalloc(cropsize);
+- *crop_buff_ptr = crop_buff;
++ if (!crop_buff)
++ {
++ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
++ return (-1);
++ }
+ _TIFFmemset(crop_buff, 0, cropsize);
+ prev_cropsize = cropsize;
+ }
+@@ -7664,15 +7672,15 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ }
+ else
+ crop_buff = new_buff;
++ if (!crop_buff)
++ {
++ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
++ return (-1);
++ }
+ _TIFFmemset(crop_buff, 0, cropsize);
+ }
+ }
+
+- if (!crop_buff)
+- {
+- TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
+- return (-1);
+- }
+ *crop_buff_ptr = crop_buff;
+
+ if (crop->crop_mode & CROP_INVERT)
+@@ -9231,3 +9239,4 @@ invertImage(uint16_t photometric, uint16_t spp, uint16_t bps, uint32_t width, ui
+ * fill-column: 78
+ * End:
+ */
++
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch b/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch
new file mode 100644
index 0000000000..719dabaecc
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch
@@ -0,0 +1,33 @@
+CVE: CVE-2022-0908
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From ef5a0bf271823df168642444d051528a68205cb0 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Thu, 17 Feb 2022 15:28:43 +0100
+Subject: [PATCH 4/6] TIFFFetchNormalTag(): avoid calling memcpy() with a null
+ source pointer and size of zero (fixes #383)
+
+---
+ libtiff/tif_dirread.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index d84147a0..4e8ce729 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -5079,7 +5079,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
+ _TIFFfree(data);
+ return(0);
+ }
+- _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count);
++ if (dp->tdir_count > 0 )
++ {
++ _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count);
++ }
+ o[(uint32_t)dp->tdir_count]=0;
+ if (data!=0)
+ _TIFFfree(data);
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch b/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch
new file mode 100644
index 0000000000..64dbe9ef92
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch
@@ -0,0 +1,36 @@
+CVE: CVE-2022-0909
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 4768355a074d562177e0a8b551c561d1af7eb74a Mon Sep 17 00:00:00 2001
+From: 4ugustus <wangdw.augustus@qq.com>
+Date: Tue, 8 Mar 2022 16:22:04 +0000
+Subject: [PATCH 5/6] fix the FPE in tiffcrop (#393)
+
+---
+ libtiff/tif_dir.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index a6c254fc..77da6ea4 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -335,13 +335,13 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap)
+ break;
+ case TIFFTAG_XRESOLUTION:
+ dblval = va_arg(ap, double);
+- if( dblval < 0 )
++ if( dblval != dblval || dblval < 0 )
+ goto badvaluedouble;
+ td->td_xresolution = _TIFFClampDoubleToFloat( dblval );
+ break;
+ case TIFFTAG_YRESOLUTION:
+ dblval = va_arg(ap, double);
+- if( dblval < 0 )
++ if( dblval != dblval || dblval < 0 )
+ goto badvaluedouble;
+ td->td_yresolution = _TIFFClampDoubleToFloat( dblval );
+ break;
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch b/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch
new file mode 100644
index 0000000000..afd5e59960
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch
@@ -0,0 +1,57 @@
+CVE: CVE-2022-0924
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 1074b9691322b1e3671cd8ea0b6b3509d08978fb Mon Sep 17 00:00:00 2001
+From: 4ugustus <wangdw.augustus@qq.com>
+Date: Thu, 10 Mar 2022 08:48:00 +0000
+Subject: [PATCH 6/6] fix heap buffer overflow in tiffcp (#278)
+
+---
+ tools/tiffcp.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 1f889516..552d8fad 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -1661,12 +1661,27 @@ DECLAREwriteFunc(writeBufferToSeparateStrips)
+ tdata_t obuf;
+ tstrip_t strip = 0;
+ tsample_t s;
++ uint16_t bps = 0, bytes_per_sample;
+
+ obuf = limitMalloc(stripsize);
+ if (obuf == NULL)
+ return (0);
+ _TIFFmemset(obuf, 0, stripsize);
+ (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
++ (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
++ if( bps == 0 )
++ {
++ TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
++ _TIFFfree(obuf);
++ return 0;
++ }
++ if( (bps % 8) != 0 )
++ {
++ TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8");
++ _TIFFfree(obuf);
++ return 0;
++ }
++ bytes_per_sample = bps/8;
+ for (s = 0; s < spp; s++) {
+ uint32_t row;
+ for (row = 0; row < imagelength; row += rowsperstrip) {
+@@ -1676,7 +1691,7 @@ DECLAREwriteFunc(writeBufferToSeparateStrips)
+
+ cpContigBufToSeparateBuf(
+ obuf, (uint8_t*) buf + row * rowsize + s,
+- nrows, imagewidth, 0, 0, spp, 1);
++ nrows, imagewidth, 0, 0, spp, bytes_per_sample);
+ if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) {
+ TIFFError(TIFFFileName(out),
+ "Error, can't write strip %"PRIu32,
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 86b55ad284..0a82f0d780 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -11,7 +11,14 @@ CVE_PRODUCT = "libtiff"
SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch \
file://561599c99f987dc32ae110370cfdd7df7975586b.patch \
- file://eecb0712f4c3a5b449f70c57988260a667ddbdef.patch"
+ file://eecb0712f4c3a5b449f70c57988260a667ddbdef.patch \
+ file://0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch \
+ file://0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch \
+ file://0003-add-checks-for-return-value-of-limitMalloc-392.patch \
+ file://0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch \
+ file://0005-fix-the-FPE-in-tiffcrop-393.patch \
+ file://0006-fix-heap-buffer-overflow-in-tiffcp-278.patch \
+ "
SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 08/22] linux-yocto: nohz_full boot arg fix
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (6 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 07/22] tiff: backport CVE fixes: Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 09/22] linux-yocto/5.10: split vtpm for more granular inclusion Anuj Mittal
` (13 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Integrating the following commit(s) to linux-yocto/5.15:
81bdce5b5876 tick/nohz: WARN_ON --> WARN_ON_ONCE to prevent console saturation
97c963889222 sched/isolation: really align nohz_full with rcu_nocbs
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 11de5ad0cfee5bf8bcdd28da6b27447280add2cf)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../linux/linux-yocto-rt_5.10.bb | 2 +-
.../linux/linux-yocto-tiny_5.10.bb | 4 ++--
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 20 +++++++++----------
3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 70b572e808..36eb86f8c1 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,7 +11,7 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "abd24ddc62072fcc5ecf12cf8feadd2e6fda59bd"
+SRCREV_machine ?= "e0d87d9831a6e0df20a370adc9aba0d032d91661"
SRCREV_meta ?= "792f1272dd0d68d5dba0ff35949b2094f818227e"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 9e954e45de..2c46c665a0 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -15,8 +15,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine:qemuarm ?= "682b9a24accb1e3a305957dec28f7f565db95369"
-SRCREV_machine ?= "5e844e753c3e1f153af9dfee6b88e5dc1e57f30f"
+SRCREV_machine:qemuarm ?= "38f8b1b5b87959e6cb9367151e233d27befe015d"
+SRCREV_machine ?= "cc70f051e56005acda2e6ea994cadfb2538e66f6"
SRCREV_meta ?= "792f1272dd0d68d5dba0ff35949b2094f818227e"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 86d9559469..3d3ee6d623 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,16 +13,16 @@ KBRANCH:qemux86 ?= "v5.10/standard/base"
KBRANCH:qemux86-64 ?= "v5.10/standard/base"
KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "56cfcfb12870782355bacaf8bcde9e268f422140"
-SRCREV_machine:qemuarm64 ?= "3aab5bb12bc180d582a6f82e4a085f45a7b0c283"
-SRCREV_machine:qemumips ?= "d76ec4c19a876a3235567ab2cee2e33f2875f79a"
-SRCREV_machine:qemuppc ?= "513a8885de593e8b1f3c24595c015bb9b1d55563"
-SRCREV_machine:qemuriscv64 ?= "de1b3b1aef1a5c3dec0676e152f6801e1cc309e5"
-SRCREV_machine:qemuriscv32 ?= "de1b3b1aef1a5c3dec0676e152f6801e1cc309e5"
-SRCREV_machine:qemux86 ?= "de1b3b1aef1a5c3dec0676e152f6801e1cc309e5"
-SRCREV_machine:qemux86-64 ?= "de1b3b1aef1a5c3dec0676e152f6801e1cc309e5"
-SRCREV_machine:qemumips64 ?= "b63b87635569c07343f25194abf008f1e27c0bca"
-SRCREV_machine ?= "de1b3b1aef1a5c3dec0676e152f6801e1cc309e5"
+SRCREV_machine:qemuarm ?= "74469c4b03f62e4b4da066e52785ed74b1d121ae"
+SRCREV_machine:qemuarm64 ?= "69f185342f516efa8a9233e31d2c3f8356b3a388"
+SRCREV_machine:qemumips ?= "d97607700b2fba19af10b2110b99c448ed9a88e9"
+SRCREV_machine:qemuppc ?= "090085d4bb6181c3b972d82c9f8f7ed88c90ad6b"
+SRCREV_machine:qemuriscv64 ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
+SRCREV_machine:qemuriscv32 ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
+SRCREV_machine:qemux86 ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
+SRCREV_machine:qemux86-64 ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
+SRCREV_machine:qemumips64 ?= "a1b43f69bce61143dd4d6d637f619eadd3fabb6e"
+SRCREV_machine ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
SRCREV_meta ?= "792f1272dd0d68d5dba0ff35949b2094f818227e"
# remap qemuarm to qemuarma15 for the 5.8 kernel
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 09/22] linux-yocto/5.10: split vtpm for more granular inclusion
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (7 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 08/22] linux-yocto: nohz_full boot arg fix Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 10/22] linux-yocto/5.10: cfg/debug: add configs for kcsan Anuj Mittal
` (12 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Integrating the following commit(s) to linux-yocto/.:
6ca1d510a03 features/tpm: split into tpm-1.2, tpm-2.0, tpm-2.0-crb and vtpm feature
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b61be908468b1057a9d2baf40c1ebfbbd74732b8)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 36eb86f8c1..5852730422 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -12,7 +12,7 @@ python () {
}
SRCREV_machine ?= "e0d87d9831a6e0df20a370adc9aba0d032d91661"
-SRCREV_meta ?= "792f1272dd0d68d5dba0ff35949b2094f818227e"
+SRCREV_meta ?= "b814c7ebf2a92fc361bcbeaf6efdd40b8cd0816a"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 2c46c665a0..48e5a4f871 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
SRCREV_machine:qemuarm ?= "38f8b1b5b87959e6cb9367151e233d27befe015d"
SRCREV_machine ?= "cc70f051e56005acda2e6ea994cadfb2538e66f6"
-SRCREV_meta ?= "792f1272dd0d68d5dba0ff35949b2094f818227e"
+SRCREV_meta ?= "b814c7ebf2a92fc361bcbeaf6efdd40b8cd0816a"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 3d3ee6d623..0a80790636 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -23,7 +23,7 @@ SRCREV_machine:qemux86 ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
SRCREV_machine:qemux86-64 ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
SRCREV_machine:qemumips64 ?= "a1b43f69bce61143dd4d6d637f619eadd3fabb6e"
SRCREV_machine ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
-SRCREV_meta ?= "792f1272dd0d68d5dba0ff35949b2094f818227e"
+SRCREV_meta ?= "b814c7ebf2a92fc361bcbeaf6efdd40b8cd0816a"
# remap qemuarm to qemuarma15 for the 5.8 kernel
# KMACHINE:qemuarm ?= "qemuarma15"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 10/22] linux-yocto/5.10: cfg/debug: add configs for kcsan
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (8 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 09/22] linux-yocto/5.10: split vtpm for more granular inclusion Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 11/22] linux-yocto-rt/5.10: update to -rt61 Anuj Mittal
` (11 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Integrating the following commit(s) to linux-yocto/.:
b56db30a7c5 cfg/debug: add scc for syzkaller fuzzing
c4494ad7f23 features/tun: add configs for Universal TUN/TAP device driver support
148948c3829 features/bluetooth: add configs for Bluetooth Virtual HCI device driver
824a7ba4dda features/usb: add configs for USB raw gadget
0bd038864a5 features/usb: add configs for dummy HCD
e8c765f559f features/ieee802154: add configs for mac802154 hwsim
99aea8bc07b features/mac80211: add configs for mac80211 hwsim
c7bf42227e3 cfg/debug: add configs for fault injection debugfs
ae48b977f61 cfg/debug: add configs for kcsan
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 88a761c98d3a4dbf5a8b2b623248b53077717662)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 5852730422..88fb3b4113 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -12,7 +12,7 @@ python () {
}
SRCREV_machine ?= "e0d87d9831a6e0df20a370adc9aba0d032d91661"
-SRCREV_meta ?= "b814c7ebf2a92fc361bcbeaf6efdd40b8cd0816a"
+SRCREV_meta ?= "b56db30a7c5a0d86ccc853ee68be925086318f88"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 48e5a4f871..f1c2bc33e4 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
SRCREV_machine:qemuarm ?= "38f8b1b5b87959e6cb9367151e233d27befe015d"
SRCREV_machine ?= "cc70f051e56005acda2e6ea994cadfb2538e66f6"
-SRCREV_meta ?= "b814c7ebf2a92fc361bcbeaf6efdd40b8cd0816a"
+SRCREV_meta ?= "b56db30a7c5a0d86ccc853ee68be925086318f88"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 0a80790636..87a7d5e3ae 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -23,7 +23,7 @@ SRCREV_machine:qemux86 ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
SRCREV_machine:qemux86-64 ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
SRCREV_machine:qemumips64 ?= "a1b43f69bce61143dd4d6d637f619eadd3fabb6e"
SRCREV_machine ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
-SRCREV_meta ?= "b814c7ebf2a92fc361bcbeaf6efdd40b8cd0816a"
+SRCREV_meta ?= "b56db30a7c5a0d86ccc853ee68be925086318f88"
# remap qemuarm to qemuarma15 for the 5.8 kernel
# KMACHINE:qemuarm ?= "qemuarma15"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 11/22] linux-yocto-rt/5.10: update to -rt61
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (9 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 10/22] linux-yocto/5.10: cfg/debug: add configs for kcsan Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 12/22] linux-yocto/5.10: update to v5.10.107 Anuj Mittal
` (10 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Integrating the following commit(s) to linux-yocto-rt/5.10:
48b12b48c110 Linux 5.10.90-rt61
2367f287812f aio: Fix incorrect usage of eventfd_signal_allowed()
640f56f85c08 stop_machine: Remove this_cpu_ptr() from print_stop_info().
38c47ed56da8 eventfd: Make signal recursion protection a task bit
45f3f3c787e3 Linux 5.10.90-rt60
257f82607c82 Linux 5.10.87-rt59
7ff031bb6566 Linux 5.10.83-rt58
03cfb1aadc5e Linux 5.10.80-rt57
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit a201b82e999d2216fc58bd8db405bb06c9f22ff5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../linux/linux-yocto-rt_5.10.bb | 4 ++--
.../linux/linux-yocto-tiny_5.10.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 22 +++++++++----------
3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 88fb3b4113..17fc109728 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,8 +11,8 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "e0d87d9831a6e0df20a370adc9aba0d032d91661"
-SRCREV_meta ?= "b56db30a7c5a0d86ccc853ee68be925086318f88"
+SRCREV_machine ?= "48b12b48c1103b811263aaed4d81bfb8b24fdfc4"
+SRCREV_meta ?= "cec5f94cd2090d98b2dcfeee7a4258ae6adce506"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index f1c2bc33e4..9a4bf39b46 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine:qemuarm ?= "38f8b1b5b87959e6cb9367151e233d27befe015d"
-SRCREV_machine ?= "cc70f051e56005acda2e6ea994cadfb2538e66f6"
-SRCREV_meta ?= "b56db30a7c5a0d86ccc853ee68be925086318f88"
+SRCREV_machine:qemuarm ?= "3c9683e7166044d91c0ef900491f2f881a8bd6b7"
+SRCREV_machine ?= "7f3e78220d6510de21d74e3f330f1f93cb635745"
+SRCREV_meta ?= "cec5f94cd2090d98b2dcfeee7a4258ae6adce506"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 87a7d5e3ae..3aa28b3009 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,17 +13,17 @@ KBRANCH:qemux86 ?= "v5.10/standard/base"
KBRANCH:qemux86-64 ?= "v5.10/standard/base"
KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "74469c4b03f62e4b4da066e52785ed74b1d121ae"
-SRCREV_machine:qemuarm64 ?= "69f185342f516efa8a9233e31d2c3f8356b3a388"
-SRCREV_machine:qemumips ?= "d97607700b2fba19af10b2110b99c448ed9a88e9"
-SRCREV_machine:qemuppc ?= "090085d4bb6181c3b972d82c9f8f7ed88c90ad6b"
-SRCREV_machine:qemuriscv64 ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
-SRCREV_machine:qemuriscv32 ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
-SRCREV_machine:qemux86 ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
-SRCREV_machine:qemux86-64 ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
-SRCREV_machine:qemumips64 ?= "a1b43f69bce61143dd4d6d637f619eadd3fabb6e"
-SRCREV_machine ?= "e6c8ebd210a2ab7817618bb4c518d69d35d16cf7"
-SRCREV_meta ?= "b56db30a7c5a0d86ccc853ee68be925086318f88"
+SRCREV_machine:qemuarm ?= "ed7ac660431f6eb29add763876d7a10b6a6e539e"
+SRCREV_machine:qemuarm64 ?= "9ca22664eb7cd86b7c91770bdaa1c5581a081938"
+SRCREV_machine:qemumips ?= "4d5c2b576ee19c6ede626f2ffdb6a96d06ddd065"
+SRCREV_machine:qemuppc ?= "54e5ceedcce6039a0479eaeea000e3c42cf4e4bc"
+SRCREV_machine:qemuriscv64 ?= "0370165abaa08fa66808c54ed345eb70a558268b"
+SRCREV_machine:qemuriscv32 ?= "0370165abaa08fa66808c54ed345eb70a558268b"
+SRCREV_machine:qemux86 ?= "0370165abaa08fa66808c54ed345eb70a558268b"
+SRCREV_machine:qemux86-64 ?= "0370165abaa08fa66808c54ed345eb70a558268b"
+SRCREV_machine:qemumips64 ?= "012ce81097a4d2d94a7d5cb596fb4ad7d8f438f1"
+SRCREV_machine ?= "0370165abaa08fa66808c54ed345eb70a558268b"
+SRCREV_meta ?= "cec5f94cd2090d98b2dcfeee7a4258ae6adce506"
# remap qemuarm to qemuarma15 for the 5.8 kernel
# KMACHINE:qemuarm ?= "qemuarma15"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 12/22] linux-yocto/5.10: update to v5.10.107
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (10 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 11/22] linux-yocto-rt/5.10: update to -rt61 Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 13/22] gnu-config: update SRC_URI Anuj Mittal
` (9 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:
4c8814277b5d Linux 5.10.107
7a0d13ef67a1 arm64: kvm: Fix copy-and-paste error in bhb templates for v5.10 stable
dc1163203ae6 io_uring: return back safer resurrect
8fdaab341bad kselftest/vm: fix tests build with old libc
2490695ffdba sfc: extend the locking on mcdi->seqno
2fad5b694896 tcp: make tcp_read_sock() more robust
3f9a8f8a952c nl80211: Update bss channel on channel switch for P2P_CLIENT
0ba557d33094 drm/vrr: Set VRR capable prop only if it is attached to connector
9a8e4a5c5b73 iwlwifi: don't advertise TWT support
c5ea0221c816 atm: firestream: check the return value of ioremap() in fs_init()
efdd92c18ed4 can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready
ebe106eac686 ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE
e8ad9ecc4069 MIPS: smp: fill in sibling and core maps earlier
8c70b9b47004 mac80211: refuse aggregations sessions before authorized
d687d7559e24 ARM: dts: rockchip: fix a typo on rk3288 crypto-controller
6f0a94931c47 ARM: dts: rockchip: reorder rk322x hmdi clocks
6493c6aa8b44 arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg"
c5c8c649fee0 arm64: dts: rockchip: reorder rk3399 hdmi clocks
f7f062919f41 arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity
ca142038a54f xfrm: Fix xfrm migrate issues when address family changes
d8889a445b53 xfrm: Check if_id in xfrm_migrate
6056abc99b58 sctp: fix the processing for INIT chunk
bdf0316982f0 Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
327f1e7d813c Linux 5.10.106
648895da69ce watch_queue: Fix filter limit check
8bb5b72dbd9a ARM: fix Thumb2 regression with Spectre BHB
6b1249db9e1c ext4: add check to prevent attempting to resize an fs with sparse_super2
b297cf764d8c x86/traps: Mark do_int3() NOKPROBE_SYMBOL
29f6f3500127 x86/boot: Add setup_indirect support in early_memremap_is_setup_data()
b3444e5b640a x86/boot: Fix memremap of setup_indirect structures
24d268130e3c watch_queue: Make comment about setting ->defunct more accurate
ec03510e0a77 watch_queue: Fix lack of barrier/sync/lock between post and read
06ab8444392a watch_queue: Free the alloc bitmap when the watch_queue is torn down
880acbb718e1 watch_queue: Fix the alloc bitmap size to reflect notes allocated
e2b52ca4988e watch_queue: Fix to always request a pow-of-2 pipe ring size
2039900aadba watch_queue: Fix to release page in ->release()
d729d4e99fb8 watch_queue, pipe: Free watchqueue state after clearing pipe ring
573a3228ca32 virtio: acknowledge all features before access
bf52b627cf47 virtio: unexport virtio_finalize_features
8bfb959ea28d arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0
1ef5fe3dba2a riscv: Fix auipc+jalr relocation range checks
a69aa422b478 mmc: meson: Fix usage of meson_mmc_post_req()
0c6eeaf8c168 net: macb: Fix lost RX packet wakeup race in NAPI receive
6d9700b44509 staging: gdm724x: fix use after free in gdm_lte_rx()
8c1bc04c8c82 staging: rtl8723bs: Fix access-point mode deadlock
ab5595b45f73 fuse: fix pipe buffer lifetime for direct_io
f2c52a4baf56 ARM: Spectre-BHB: provide empty stub for non-config
f1f5d089fcc6 selftests/memfd: clean up mapping in mfd_fail_write
71013d071b50 selftest/vm: fix map_fixed_noreplace test failure
8d276f10e84a tracing: Ensure trace buffer is at least 4096 bytes large
ae7597b47dda ipv6: prevent a possible race condition with lifetimes
8c0c50e9fcff Revert "xen-netback: Check for hotplug-status existence before watching"
625c04b523ca Revert "xen-netback: remove 'hotplug-status' once it has served its purpose"
a0e2768fb901 gpio: Return EPROBE_DEFER if gc->to_irq is NULL
65d4e9d130fb hwmon: (pmbus) Clear pmbus fault/warning bits after read
d15c9f6e3335 net-sysfs: add check for netdevice being present to speed_show
8c023c303978 spi: rockchip: terminate dma transmission when slave abort
889254f98e99 spi: rockchip: Fix error in getting num-cs property
4fb9be675be8 selftests/bpf: Add test for bpf_timer overwriting crash
dc1c2b47b539 net: bcmgenet: Don't claim WOL when its not available
b7e4d9ba2ddb sctp: fix kernel-infoleak for SCTP sockets
3cf533f12001 net: phy: DP83822: clear MISR2 register to disable interrupts
21044e679ed5 gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
3a4cd1c51eea gpio: ts4900: Do not set DAT and OE together
7702e7e9e396 selftests: pmtu.sh: Kill tcpdump processes launched by subshell.
2b1c85f56512 NFC: port100: fix use-after-free in port100_send_complete
1fdabf2cf42b net/mlx5e: Lag, Only handle events from highest priority multipath entry
f3331bc17449 net/mlx5: Fix a race on command flush flow
5f1340963b11 net/mlx5: Fix size field in bufferx_reg struct
e2201ef32f93 ax25: Fix NULL pointer dereference in ax25_kill_by_device
cc7679079c7e net: ethernet: lpc_eth: Handle error for clk_enable
b3e4fcb53921 net: ethernet: ti: cpts: Handle error for clk_enable
5e42f90d7220 tipc: fix incorrect order of state message data sanity check
979b418b96e3 ethernet: Fix error handling in xemaclite_of_probe
506d61bc1b50 ice: Fix curr_link_speed advertised speed
852a9e97d396 ice: Rename a couple of variables
b21ffd5469a9 ice: Remove unnecessary checker loop
875967aff5a6 ice: Align macro names to the specification
8c613f7cd3ca ice: stop disabling VFs due to PF error responses
d9ee2cbff2e9 i40e: stop disabling VFs due to PF error responses
965070a2b71d ARM: dts: aspeed: Fix AST2600 quad spi group
96b01b854151 net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate()
ed5bb00d8604 drm/sun4i: mixer: Fix P010 and P210 format numbers
93223495bce5 qed: return status of qed_iov_get_link
5bee2ed0508b esp: Fix BEET mode inter address family tunneling on GSO
16386479ef59 net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare()
33c74f808596 isdn: hfcpci: check the return value of dma_set_mask() in setup_hw()
cca9d5035bd0 virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero
a3d5fcc6cf2e mISDN: Fix memory leak in dsp_pipeline_build()
f97ad179d12f mISDN: Remove obsolete PIPELINE_DEBUG debugging information
2de76d37d4a6 tipc: fix kernel panic when enabling bearer
ea3a5e6df512 arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias
2c6a75ea32f9 HID: vivaldi: fix sysfs attributes leak
2a18a38cbc3b clk: qcom: gdsc: Add support to update GDSC transition delay
0d6882dd158e ARM: boot: dts: bcm2711: Fix HVS register range
67c781d938b8 Linux 5.10.105
561e91e5fee8 Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE"
206c8e271ba2 xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
39c00d09286c xen/gnttab: fix gnttab_end_foreign_access() without page specified
c4b16486d602 xen/pvcalls: use alloc/free_pages_exact()
8357d75bfdb8 xen/9p: use alloc/free_pages_exact()
17f01b7206af xen: remove gnttab_query_foreign_access()
5f36ae75b847 xen/gntalloc: don't use gnttab_query_foreign_access()
304725518277 xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
f6690dd9446a xen/netfront: don't use gnttab_query_foreign_access() for mapped status
96219af4e504 xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
3d81e85f30a8 xen/grant-table: add gnttab_try_end_foreign_access()
5c600371b8fd xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
90f59cc2f2cc ARM: fix build warning in proc-v7-bugs.c
8c4192d126ba ARM: Do not use NOCROSSREFS directive with ld.lld
1749b553d73b ARM: fix co-processor register typo
a330601c637b ARM: fix build error when BPF_SYSCALL is disabled
b65b87e718c3 arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting
551717cf3b58 arm64: Use the clearbhb instruction in mitigations
38c26bdb3cc5 KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
e192c8baa69a arm64: Mitigate spectre style branch history side channels
192023e6baf7 KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A
13a807a0a080 arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
1f63326a5211 arm64: Add percpu vectors for EL1
56cf5326bdf9 arm64: entry: Add macro for reading symbol addresses from the trampoline
3f21b7e35523 arm64: entry: Add vectors that have the bhb mitigation sequences
49379552969a arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
26211252c1c1 arm64: entry: Allow the trampoline text to occupy multiple pages
73ee716a1f63 arm64: entry: Make the kpti trampoline's kpti sequence optional
8c691e5308c5 arm64: entry: Move trampoline macros out of ifdef'd section
e55025063276 arm64: entry: Don't assume tramp_vectors is the start of the vectors
5275fb5ea5f5 arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
bda89602814c arm64: entry: Move the trampoline data page before the text page
d93b25a66548 arm64: entry: Free up another register on kpti's tramp_exit path
5242d6971e10 arm64: entry: Make the trampoline cleanup optional
7048a21086fb arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit
dc5b630c0d53 arm64: entry.S: Add ventry overflow sanity checks
97d8bdf33182 arm64: cpufeature: add HWCAP for FEAT_RPRES
162aa002ec1a arm64: cpufeature: add HWCAP for FEAT_AFP
dbcfa9853953 arm64: add ID_AA64ISAR2_EL1 sys register
7ae8127e4123 arm64: Add HWCAP for self-synchronising virtual counter
b19eaa004f2e arm64: Add Cortex-A510 CPU part definition
86171569312b arm64: Add Cortex-X2 CPU part definition
fc8070a9c5ad arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
f3c12fc53e0a arm64: cputype: Add CPU implementor & types for the Apple M1 cores
302754d023a0 ARM: include unprivileged BPF status in Spectre V2 reporting
3f9c958e3572 ARM: Spectre-BHB workaround
29d9b56df1e1 ARM: use LOADADDR() to get load address of sections
46deb224680b ARM: early traps initialisation
b7f1e73c4ddf ARM: report Spectre v2 status through sysfs
d04937ae9490 x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
cc9e3e55bde7 x86/speculation: Warn about Spectre v2 LFENCE mitigation
e335384560d1 x86/speculation: Update link to AMD speculation whitepaper
2fdf67a1d215 x86/speculation: Use generic retpoline by default on AMD
afc2d635b5e1 x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
071e8b69d780 Documentation/hw-vuln: Update spectre doc
a6a119d647ad x86/speculation: Add eIBRS + Retpoline options
f38774bb6e23 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
206cfe2dac3e x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
97581b56b59f Linux 5.10.104
dbbe09d95377 hamradio: fix macro redefine warning
dcd03efd7e8d Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
292e1c88b8a5 btrfs: add missing run of delayed items after unlink during log replay
41712c5fa518 btrfs: qgroup: fix deadlock between rescan worker and remove qgroup
6e0319e77083 btrfs: fix lost prealloc extents beyond eof after full fsync
827172ffa999 tracing: Fix return value of __setup handlers
78059b1cfcd9 tracing/histogram: Fix sorting on old "cpu" value
0e188fde82d7 HID: add mapping for KEY_ALL_APPLICATIONS
f276ea5035aa HID: add mapping for KEY_DICTATE
3b8f2a7aed80 Input: samsung-keypad - properly state IOMEM dependency
a621ae6394ce Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
1397bbcd817f Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power()
988f4f29cc44 net: dcb: disable softirqs in dcbnl_flush_dev()
6828da5dea53 drm/amdgpu: fix suspend/resume hang regression
f5e496ef73f3 nl80211: Handle nla_memdup failures in handle_nan_filter
64e4305a03d0 iavf: Refactor iavf state machine tracking
e6bc597fbcb2 net: chelsio: cxgb3: check the return value of pci_find_capability()
320980b2496d ibmvnic: complete init_done on transport events
86027004bb9d ARM: tegra: Move panels to AUX bus
fbb810825aff soc: fsl: qe: Check of ioremap return value
2824f6939e26 soc: fsl: guts: Add a missing memory allocation failure check
3afe488d5c9c soc: fsl: guts: Revert commit 3c0d64e867ed
44709130793b ARM: dts: Use 32KiHz oscillator on devkit8000
298f6fae544f ARM: dts: switch timer config to common devkit8000 devicetree
8b20c1999d3a s390/extable: fix exception table sorting
49aa9c9c7fa7 memfd: fix F_SEAL_WRITE after shmem huge page allocated
6acbc8875282 ibmvnic: free reset-work-item when flushing
9d8a11d74de5 igc: igc_write_phy_reg_gpy: drop premature return
223744f52133 pinctrl: sunxi: Use unique lockdep classes for IRQs
2851b76e5fd0 selftests: mlxsw: tc_police_scale: Make test more robust
85bf489c5c01 ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
6b6341049086 ARM: Fix kgdb breakpoint for Thumb2
fefe4cb4a640 igc: igc_read_phy_reg_gpy: drop premature return
0632854fb171 arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
43eaf1b17845 can: gs_usb: change active_channels's type from atomic_t to u8
daaed6ced88c ASoC: cs4265: Fix the duplicated control name
8b8ac465bf52 firmware: arm_scmi: Remove space in MODULE_ALIAS name
667df6fe3ece efivars: Respect "block" flag in efivar_entry_set_safe()
283c37e5429e ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
5f394102ee27 net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
92b791771abd ibmvnic: register netdev after init of adapter
6e0f986032c5 net: sxgbe: fix return value of __setup handler
e1a82db1ebaf iavf: Fix missing check for running netdev
c9a066fe4593 mac80211: treat some SAE auth steps as final
e6d7f57f919f net: stmmac: fix return value of __setup handler
fa65989a4867 mac80211: fix forwarded mesh frames AC & queue selection
dcc3423c1dca ia64: ensure proper NUMA distance and possible map initialization
1312ef5ad0a5 sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa()
d753aecb3d4b sched/topology: Make sched_init_numa() use a set for the deduplicating sort
05ae1f0fe9c6 ice: fix concurrent reset and removal of VFs
41edeeaae51a ice: Fix race conditions between virtchnl handling and VF ndo ops
0c145262ac99 rcu/nocb: Fix missed nocb_timer requeue
9bb7237cc740 net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
d7eb662625eb net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
2e8d465b83db net/smc: fix connection leak
6a8a4dc2a279 net: dcb: flush lingering app table entries for unregistered devices
f4c63b24dea9 net: ipv6: ensure we call ipv6_mc_down() at most once
a9c4a74ad5ae batman-adv: Don't expect inter-netns unique iflink indices
3dae11d21fc8 batman-adv: Request iflink once in batadv_get_real_netdevice
dcf10d78ff2c batman-adv: Request iflink once in batadv-on-batadv check
81f817f3e559 netfilter: nf_queue: handle socket prefetch
4d05239203fa netfilter: nf_queue: fix possible use-after-free
3b9ba964f77c netfilter: nf_queue: don't assume sk is full socket
4e178ed14bda net: fix up skbs delta_truesize in UDP GRO frag_list
eb5e444fe37d e1000e: Correct NVM checksum verification flow
b53d4bfd1a68 xfrm: enforce validity of offload input flags
2f0e6d80e8b5 xfrm: fix the if_id check in changelink
24efaae03b0d bpf, sockmap: Do not ignore orig_len parameter
8b0142c4143c netfilter: fix use-after-free in __nf_register_net_hook()
4952faa77d8d xfrm: fix MTU regression
e93f2be33d4f mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
912186db092c ntb: intel: fix port config status offset for SPR
1c0b51e62a50 thermal: core: Fix TZ_GET_TRIP NULL pointer dereference
a1753d5c29a6 xen/netfront: destroy queues before real_num_tx_queues is zeroed
ce41d8039196 drm/i915: s/JSP2/ICP2/ PCH
61a895da4844 iommu/amd: Recover from event log overflow
6951a5888165 ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
dd9dd24fd7cb riscv: Fix config KASAN && DEBUG_VIRTUAL
7211aab2881b riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP
00fb385f0ac4 riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value
336872601cb8 ALSA: intel_hdmi: Fix reference to PCM buffer address
e57dfaf66f2b tracing: Add ustring operation to filtering string pointers
4a9d2390f3e2 drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
67e25eb1b474 ata: pata_hpt37x: fix PCI clock detection
335f11ff74f2 serial: stm32: prevent TDR register overwrite when sending x_char
c999c5927e96 tracing: Add test for user space strings when filtering on string pointers
db36a94ed66b exfat: fix i_blocks for files truncated over 4 GiB
1b810d5cb6ce exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
fdd64084e405 usb: gadget: clear related members when goto fail
c13159a58881 usb: gadget: don't release an existing dev->buf
00d5ac05af3a net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
16f903afbafb i2c: qup: allow COMPILE_TEST
57c333ad8c28 i2c: cadence: allow COMPILE_TEST
9d6285e63241 dmaengine: shdma: Fix runtime PM imbalance on error
37b06d5ebf5c selftests/seccomp: Fix seccomp failure by adding missing headers
df9db1a2af37 cifs: fix double free race when mount fails in cifs_get_root()
e3850e211df6 tipc: fix a bit overflow in tipc_crypto_key_rcv()
6d4985b8a0bf KVM: arm64: vgic: Read HW interrupt pending state from the HW
5d4b00e053fc Input: clear BTN_RIGHT/MIDDLE on buttonpads
6e7015d982ee regulator: core: fix false positive in regulator_late_cleanup()
467d664e5fff ASoC: rt5682: do not block workqueue if card is unbound
0b050b7a0d73 ASoC: rt5668: do not block workqueue if card is unbound
11956c6eeb5a i2c: bcm2835: Avoid clock stretching timeouts
13f0ea8d1193 mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
46f6d66219b5 mac80211_hwsim: report NOACK frames in tx_status
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 1e600731a459c1dfe14032e5242806a25f091b41)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../linux/linux-yocto-rt_5.10.bb | 6 ++---
.../linux/linux-yocto-tiny_5.10.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 17fc109728..a8b6aa203d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "48b12b48c1103b811263aaed4d81bfb8b24fdfc4"
-SRCREV_meta ?= "cec5f94cd2090d98b2dcfeee7a4258ae6adce506"
+SRCREV_machine ?= "7f96d3fd60eea0ab38afdf07b3fc7c8c9f501802"
+SRCREV_meta ?= "24ab54209a8822aad92afe2c51ea5b95f5175394"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.10.103"
+LINUX_VERSION ?= "5.10.107"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 9a4bf39b46..758260c3d8 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.10.103"
+LINUX_VERSION ?= "5.10.107"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine:qemuarm ?= "3c9683e7166044d91c0ef900491f2f881a8bd6b7"
-SRCREV_machine ?= "7f3e78220d6510de21d74e3f330f1f93cb635745"
-SRCREV_meta ?= "cec5f94cd2090d98b2dcfeee7a4258ae6adce506"
+SRCREV_machine:qemuarm ?= "d47f1b40f2f77d0c810defd853c69eb39cb84bf5"
+SRCREV_machine ?= "1ae0844c6a36151066744e43fd30db3a946bc21d"
+SRCREV_meta ?= "24ab54209a8822aad92afe2c51ea5b95f5175394"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 3aa28b3009..9c1bd26b36 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,17 +13,17 @@ KBRANCH:qemux86 ?= "v5.10/standard/base"
KBRANCH:qemux86-64 ?= "v5.10/standard/base"
KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "ed7ac660431f6eb29add763876d7a10b6a6e539e"
-SRCREV_machine:qemuarm64 ?= "9ca22664eb7cd86b7c91770bdaa1c5581a081938"
-SRCREV_machine:qemumips ?= "4d5c2b576ee19c6ede626f2ffdb6a96d06ddd065"
-SRCREV_machine:qemuppc ?= "54e5ceedcce6039a0479eaeea000e3c42cf4e4bc"
-SRCREV_machine:qemuriscv64 ?= "0370165abaa08fa66808c54ed345eb70a558268b"
-SRCREV_machine:qemuriscv32 ?= "0370165abaa08fa66808c54ed345eb70a558268b"
-SRCREV_machine:qemux86 ?= "0370165abaa08fa66808c54ed345eb70a558268b"
-SRCREV_machine:qemux86-64 ?= "0370165abaa08fa66808c54ed345eb70a558268b"
-SRCREV_machine:qemumips64 ?= "012ce81097a4d2d94a7d5cb596fb4ad7d8f438f1"
-SRCREV_machine ?= "0370165abaa08fa66808c54ed345eb70a558268b"
-SRCREV_meta ?= "cec5f94cd2090d98b2dcfeee7a4258ae6adce506"
+SRCREV_machine:qemuarm ?= "2ef8231651bb6a4c79b307f59a794b92238546ec"
+SRCREV_machine:qemuarm64 ?= "00684b441f15d202c5849eed164a9b3b94a5c1e8"
+SRCREV_machine:qemumips ?= "661a4f517906253e074fe301d68ff1e6b6968e9f"
+SRCREV_machine:qemuppc ?= "bff933cb7a11019c64e6034c48ab79453f75b99e"
+SRCREV_machine:qemuriscv64 ?= "763c0dbc0458ebcb1d06afe2f324925f0f61bd27"
+SRCREV_machine:qemuriscv32 ?= "763c0dbc0458ebcb1d06afe2f324925f0f61bd27"
+SRCREV_machine:qemux86 ?= "763c0dbc0458ebcb1d06afe2f324925f0f61bd27"
+SRCREV_machine:qemux86-64 ?= "763c0dbc0458ebcb1d06afe2f324925f0f61bd27"
+SRCREV_machine:qemumips64 ?= "7a89b456542ff1fa0ab71fa4a2ae6f04281f3a2d"
+SRCREV_machine ?= "763c0dbc0458ebcb1d06afe2f324925f0f61bd27"
+SRCREV_meta ?= "24ab54209a8822aad92afe2c51ea5b95f5175394"
# remap qemuarm to qemuarma15 for the 5.8 kernel
# KMACHINE:qemuarm ?= "qemuarma15"
@@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.103"
+LINUX_VERSION ?= "5.10.107"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 13/22] gnu-config: update SRC_URI
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (11 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 12/22] linux-yocto/5.10: update to v5.10.107 Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 14/22] virglrenderer: " Anuj Mittal
` (8 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Minjae Kim <flowergom@gmail.com>
The git repo for gnu-config was changed, so update the
SRC_URI accordingly with the new link.
Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 6d0133c38fcb9b5ac3bdeaf65ef4d2cca2fc0586)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-devtools/gnu-config/gnu-config_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/gnu-config/gnu-config_git.bb b/meta/recipes-devtools/gnu-config/gnu-config_git.bb
index 794e39546c..f4bc752d9f 100644
--- a/meta/recipes-devtools/gnu-config/gnu-config_git.bb
+++ b/meta/recipes-devtools/gnu-config/gnu-config_git.bb
@@ -12,7 +12,7 @@ INHIBIT_DEFAULT_DEPS = "1"
SRCREV = "805517123cbfe33d17c989a18e78c5789fab0437"
PV = "20210722+git${SRCPV}"
-SRC_URI = "git://git.savannah.gnu.org/config.git;branch=master \
+SRC_URI = "git://git.savannah.gnu.org/git/config.git;protocol=https;branch=master \
file://gnu-configize.in"
S = "${WORKDIR}/git"
UPSTREAM_CHECK_COMMITS = "1"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 14/22] virglrenderer: update SRC_URI
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (12 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 13/22] gnu-config: update SRC_URI Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 15/22] sanity: Add warning for local hasheqiv server with remote sstate mirrors Anuj Mittal
` (7 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Minjae Kim <flowergom@gmail.com>
The git repo for virglrenderer was changed, so update the
SRC_URI accordingly with the new link.
Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 284ffefcb7731dfd317d535d3b1e363751aead01)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb b/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb
index c18018759b..14e39fdb20 100644
--- a/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c81c08eeefd9418fca8f88309a76db10"
DEPENDS = "libdrm virtual/libgl virtual/libgbm libepoxy"
SRCREV = "363915595e05fb252e70d6514be2f0c0b5ca312b"
-SRC_URI = "git://anongit.freedesktop.org/virglrenderer;branch=branch-0.9.1 \
+SRC_URI = "git://anongit.freedesktop.org/git/virglrenderer;branch=branch-0.9.1 \
file://0001-meson.build-use-python3-directly-for-python.patch \
file://cve-2022-0135.patch \
file://cve-2022-0175.patch \
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 15/22] sanity: Add warning for local hasheqiv server with remote sstate mirrors
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (13 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 14/22] virglrenderer: " Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 16/22] libxml2: move to gitlab.gnome.org Anuj Mittal
` (6 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
We're seeing a lot of users configuring an sstate mirror but not realising that
the default hash equivalenve setting will make this ineffective. Add a warning
to highlight this to the user for the common case.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ae4eb33b5a6a037348e8f66e3d4f19b58dba8fa2)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/classes/sanity.bbclass | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 49eef2f418..a175a1104f 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -941,6 +941,11 @@ def check_sanity_everybuild(status, d):
mirror_base = urllib.parse.urlparse(mirror[:-1*len('/PATH')]).path
check_symlink(mirror_base, d)
+ # Check sstate mirrors aren't being used with a local hash server and no remote
+ hashserv = d.getVar("BB_HASHSERVE")
+ if d.getVar("SSTATE_MIRRORS") and hashserv and hashserv.startswith("unix://") and not d.getVar("BB_HASHSERVE_UPSTREAM"):
+ bb.warn("You are using a local hash equivalence server but have configured an sstate mirror. This will likely mean no sstate will match from the mirror. You may wish to disable the hash equivalence use (BB_HASHSERVE), or use a hash equivalence server alongside the sstate mirror.")
+
# Check that TMPDIR hasn't changed location since the last time we were run
tmpdir = d.getVar('TMPDIR')
checkfile = os.path.join(tmpdir, "saved_tmpdir")
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 16/22] libxml2: move to gitlab.gnome.org
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (14 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 15/22] sanity: Add warning for local hasheqiv server with remote sstate mirrors Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 17/22] libxml2: update to 2.9.13 Anuj Mittal
` (5 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Ralph Siemsen <ralph.siemsen@linaro.org>
The project has migrated from www.xmlsoft.org to gitlab.gnome.org.
Update the homepage accordingly, and use gnomebase to construct the
download URL, rather than including it in SRC_URI explicitly.
Note that the download is now in .xz format rather than .gz, so the
sha256sum is updated accordingly. Post-decompression tarballs are
identical, so there is no change to the libxml2 code.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8bc17ceb997f8f31a03e5f5efc41c03ef1df3add)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-core/libxml/libxml2_2.9.12.bb | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-core/libxml/libxml2_2.9.12.bb b/meta/recipes-core/libxml/libxml2_2.9.12.bb
index a7939c9713..3508733cc0 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.12.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.12.bb
@@ -1,6 +1,6 @@
SUMMARY = "XML C Parser Library and Toolkit"
DESCRIPTION = "The XML Parser Library allows for manipulation of XML files. Libxml2 exports Push and Pull type parser interfaces for both XML and HTML. It can do DTD validation at parse time, on a parsed document instance or with an arbitrary DTD. Libxml2 includes complete XPath, XPointer and Xinclude implementations. It also has a SAX like interface, which is designed to be compatible with Expat."
-HOMEPAGE = "http://www.xmlsoft.org/"
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/libxml2"
BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2"
SECTION = "libs"
LICENSE = "MIT"
@@ -11,8 +11,9 @@ LIC_FILES_CHKSUM = "file://Copyright;md5=2044417e2e5006b65a8b9067b683fcf1 \
DEPENDS = "zlib virtual/libiconv"
-SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
- http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \
+inherit gnomebase
+
+SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \
file://libxml-64bit.patch \
file://runtest.patch \
file://run-ptest \
@@ -24,7 +25,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
file://0002-Work-around-lxml-API-abuse.patch \
"
-SRC_URI[libtar.sha256sum] = "c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92"
+SRC_URI[archive.sha256sum] = "28a92f6ab1f311acf5e478564c49088ef0ac77090d9c719bbc5d518f1fe62eb9"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
BINCONFIG = "${bindir}/xml2-config"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 17/22] libxml2: update to 2.9.13
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (15 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 16/22] libxml2: move to gitlab.gnome.org Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 18/22] libxml2: fix CVE-2022-23308 regression Anuj Mittal
` (4 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Ralph Siemsen <ralph.siemsen@linaro.org>
- new version includes fix for CVE-2022-23308
- drop patche which was upstream
- refresh patch
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d687f1ac2017a1cc94ac4733cd46755d5aabd120)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../0002-Work-around-lxml-API-abuse.patch | 213 ------------------
.../libxml2/libxml-m4-use-pkgconfig.patch | 16 +-
.../{libxml2_2.9.12.bb => libxml2_2.9.13.bb} | 5 +-
3 files changed, 8 insertions(+), 226 deletions(-)
delete mode 100644 meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch
rename meta/recipes-core/libxml/{libxml2_2.9.12.bb => libxml2_2.9.13.bb} (96%)
diff --git a/meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch b/meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch
deleted file mode 100644
index f09ce9707a..0000000000
--- a/meta/recipes-core/libxml/libxml2/0002-Work-around-lxml-API-abuse.patch
+++ /dev/null
@@ -1,213 +0,0 @@
-From 85b1792e37b131e7a51af98a37f92472e8de5f3f Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 18 May 2021 20:08:28 +0200
-Subject: [PATCH] Work around lxml API abuse
-
-Make xmlNodeDumpOutput and htmlNodeDumpFormatOutput work with corrupted
-parent pointers. This used to work with the old recursive code but the
-non-recursive rewrite required parent pointers to be set correctly.
-
-Unfortunately, lxml relies on the old behavior and passes subtrees with
-a corrupted structure. Fall back to a recursive function call if an
-invalid parent pointer is detected.
-
-Fixes #255.
-
-Upstream-Status: Backport [85b1792e37b131e7a51af98a37f92472e8de5f3f]
----
- HTMLtree.c | 46 ++++++++++++++++++++++++++++------------------
- xmlsave.c | 31 +++++++++++++++++++++----------
- 2 files changed, 49 insertions(+), 28 deletions(-)
-
-diff --git a/HTMLtree.c b/HTMLtree.c
-index 24434d45..bdd639c7 100644
---- a/HTMLtree.c
-+++ b/HTMLtree.c
-@@ -744,7 +744,7 @@ void
- htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- xmlNodePtr cur, const char *encoding ATTRIBUTE_UNUSED,
- int format) {
-- xmlNodePtr root;
-+ xmlNodePtr root, parent;
- xmlAttrPtr attr;
- const htmlElemDesc * info;
-
-@@ -755,6 +755,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- }
-
- root = cur;
-+ parent = cur->parent;
- while (1) {
- switch (cur->type) {
- case XML_HTML_DOCUMENT_NODE:
-@@ -762,13 +763,25 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- if (((xmlDocPtr) cur)->intSubset != NULL) {
- htmlDtdDumpOutput(buf, (xmlDocPtr) cur, NULL);
- }
-- if (cur->children != NULL) {
-+ /* Always validate cur->parent when descending. */
-+ if ((cur->parent == parent) && (cur->children != NULL)) {
-+ parent = cur;
- cur = cur->children;
- continue;
- }
- break;
-
- case XML_ELEMENT_NODE:
-+ /*
-+ * Some users like lxml are known to pass nodes with a corrupted
-+ * tree structure. Fall back to a recursive call to handle this
-+ * case.
-+ */
-+ if ((cur->parent != parent) && (cur->children != NULL)) {
-+ htmlNodeDumpFormatOutput(buf, doc, cur, encoding, format);
-+ break;
-+ }
-+
- /*
- * Get specific HTML info for that node.
- */
-@@ -817,6 +830,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- (cur->name != NULL) &&
- (cur->name[0] != 'p')) /* p, pre, param */
- xmlOutputBufferWriteString(buf, "\n");
-+ parent = cur;
- cur = cur->children;
- continue;
- }
-@@ -825,9 +839,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- (info != NULL) && (!info->isinline)) {
- if ((cur->next->type != HTML_TEXT_NODE) &&
- (cur->next->type != HTML_ENTITY_REF_NODE) &&
-- (cur->parent != NULL) &&
-- (cur->parent->name != NULL) &&
-- (cur->parent->name[0] != 'p')) /* p, pre, param */
-+ (parent != NULL) &&
-+ (parent->name != NULL) &&
-+ (parent->name[0] != 'p')) /* p, pre, param */
- xmlOutputBufferWriteString(buf, "\n");
- }
-
-@@ -842,9 +856,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- break;
- if (((cur->name == (const xmlChar *)xmlStringText) ||
- (cur->name != (const xmlChar *)xmlStringTextNoenc)) &&
-- ((cur->parent == NULL) ||
-- ((xmlStrcasecmp(cur->parent->name, BAD_CAST "script")) &&
-- (xmlStrcasecmp(cur->parent->name, BAD_CAST "style"))))) {
-+ ((parent == NULL) ||
-+ ((xmlStrcasecmp(parent->name, BAD_CAST "script")) &&
-+ (xmlStrcasecmp(parent->name, BAD_CAST "style"))))) {
- xmlChar *buffer;
-
- buffer = xmlEncodeEntitiesReentrant(doc, cur->content);
-@@ -902,13 +916,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- break;
- }
-
-- /*
-- * The parent should never be NULL here but we want to handle
-- * corrupted documents gracefully.
-- */
-- if (cur->parent == NULL)
-- return;
-- cur = cur->parent;
-+ cur = parent;
-+ /* cur->parent was validated when descending. */
-+ parent = cur->parent;
-
- if ((cur->type == XML_HTML_DOCUMENT_NODE) ||
- (cur->type == XML_DOCUMENT_NODE)) {
-@@ -939,9 +949,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- (cur->next != NULL)) {
- if ((cur->next->type != HTML_TEXT_NODE) &&
- (cur->next->type != HTML_ENTITY_REF_NODE) &&
-- (cur->parent != NULL) &&
-- (cur->parent->name != NULL) &&
-- (cur->parent->name[0] != 'p')) /* p, pre, param */
-+ (parent != NULL) &&
-+ (parent->name != NULL) &&
-+ (parent->name[0] != 'p')) /* p, pre, param */
- xmlOutputBufferWriteString(buf, "\n");
- }
- }
-diff --git a/xmlsave.c b/xmlsave.c
-index 61a40459..aedbd5e7 100644
---- a/xmlsave.c
-+++ b/xmlsave.c
-@@ -847,7 +847,7 @@ htmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- static void
- xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- int format = ctxt->format;
-- xmlNodePtr tmp, root, unformattedNode = NULL;
-+ xmlNodePtr tmp, root, unformattedNode = NULL, parent;
- xmlAttrPtr attr;
- xmlChar *start, *end;
- xmlOutputBufferPtr buf;
-@@ -856,6 +856,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- buf = ctxt->buf;
-
- root = cur;
-+ parent = cur->parent;
- while (1) {
- switch (cur->type) {
- case XML_DOCUMENT_NODE:
-@@ -868,7 +869,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- break;
-
- case XML_DOCUMENT_FRAG_NODE:
-- if (cur->children != NULL) {
-+ /* Always validate cur->parent when descending. */
-+ if ((cur->parent == parent) && (cur->children != NULL)) {
-+ parent = cur;
- cur = cur->children;
- continue;
- }
-@@ -887,7 +890,18 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- break;
-
- case XML_ELEMENT_NODE:
-- if ((cur != root) && (ctxt->format == 1) && (xmlIndentTreeOutput))
-+ /*
-+ * Some users like lxml are known to pass nodes with a corrupted
-+ * tree structure. Fall back to a recursive call to handle this
-+ * case.
-+ */
-+ if ((cur->parent != parent) && (cur->children != NULL)) {
-+ xmlNodeDumpOutputInternal(ctxt, cur);
-+ break;
-+ }
-+
-+ if ((ctxt->level > 0) && (ctxt->format == 1) &&
-+ (xmlIndentTreeOutput))
- xmlOutputBufferWrite(buf, ctxt->indent_size *
- (ctxt->level > ctxt->indent_nr ?
- ctxt->indent_nr : ctxt->level),
-@@ -942,6 +956,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- xmlOutputBufferWrite(buf, 1, ">");
- if (ctxt->format == 1) xmlOutputBufferWrite(buf, 1, "\n");
- if (ctxt->level >= 0) ctxt->level++;
-+ parent = cur;
- cur = cur->children;
- continue;
- }
-@@ -1058,13 +1073,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- break;
- }
-
-- /*
-- * The parent should never be NULL here but we want to handle
-- * corrupted documents gracefully.
-- */
-- if (cur->parent == NULL)
-- return;
-- cur = cur->parent;
-+ cur = parent;
-+ /* cur->parent was validated when descending. */
-+ parent = cur->parent;
-
- if (cur->type == XML_ELEMENT_NODE) {
- if (ctxt->level > 0) ctxt->level--;
---
-2.32.0
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
index 90fa193775..6f44275299 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -18,11 +18,11 @@ Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
libxml.m4 | 190 ++----------------------------------------------------
1 file changed, 5 insertions(+), 185 deletions(-)
-diff --git a/libxml.m4 b/libxml.m4
-index 09de9fe2..1c535853 100644
---- a/libxml.m4
-+++ b/libxml.m4
-@@ -1,192 +1,12 @@
+Index: libxml2-2.9.13/libxml.m4
+===================================================================
+--- libxml2-2.9.13.orig/libxml.m4
++++ libxml2-2.9.13/libxml.m4
+@@ -1,191 +1,12 @@
-# Configure paths for LIBXML2
-# Simon Josefsson 2020-02-12
-# Fix autoconf 2.70+ warnings
@@ -147,9 +147,8 @@ index 09de9fe2..1c535853 100644
- {
- printf("\n*** An old version of libxml (%d.%d.%d) was found.\n",
- xml_major_version, xml_minor_version, xml_micro_version);
-- printf("*** You need a version of libxml newer than %d.%d.%d. The latest version of\n",
+- printf("*** You need a version of libxml newer than %d.%d.%d.\n",
- major, minor, micro);
-- printf("*** libxml is always available from ftp://ftp.xmlsoft.org.\n");
- printf("***\n");
- printf("*** If you have already installed a sufficiently new version, this error\n");
- printf("*** probably means that the wrong copy of the xml2-config shell script is\n");
@@ -220,6 +219,3 @@ index 09de9fe2..1c535853 100644
- AC_SUBST(XML_LIBS)
- rm -f conf.xmltest
])
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2_2.9.12.bb b/meta/recipes-core/libxml/libxml2_2.9.13.bb
similarity index 96%
rename from meta/recipes-core/libxml/libxml2_2.9.12.bb
rename to meta/recipes-core/libxml/libxml2_2.9.13.bb
index 3508733cc0..be59aba84b 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.12.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.13.bb
@@ -18,14 +18,13 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
file://runtest.patch \
file://run-ptest \
file://python-sitepackages-dir.patch \
- file://libxml-m4-use-pkgconfig.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
file://fix-execution-of-ptests.patch \
file://remove-fuzz-from-ptests.patch \
- file://0002-Work-around-lxml-API-abuse.patch \
+ file://libxml-m4-use-pkgconfig.patch \
"
-SRC_URI[archive.sha256sum] = "28a92f6ab1f311acf5e478564c49088ef0ac77090d9c719bbc5d518f1fe62eb9"
+SRC_URI[archive.sha256sum] = "276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
BINCONFIG = "${bindir}/xml2-config"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 18/22] libxml2: fix CVE-2022-23308 regression
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (16 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 17/22] libxml2: update to 2.9.13 Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 19/22] grub: ignore CVE-2021-46705 Anuj Mittal
` (3 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Joe Slater <joe.slater@windriver.com>
The fix for the CVE in 2.9.13 caused a regression which
was addressed after 2.9.13. We import that patch here.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f7fd194feb4f7993518388160acd5199fcfc3b26)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../CVE-2022-23308-fix-regression.patch | 99 +++++++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.13.bb | 3 +
2 files changed, 102 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
new file mode 100644
index 0000000000..e188914613
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
@@ -0,0 +1,99 @@
+From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 22 Feb 2022 11:51:08 +0100
+Subject: [PATCH] Fix --without-valid build
+
+Regressed in commit 652dd12a.
+---
+ valid.c | 58 ++++++++++++++++++++++++++++-----------------------------
+ 1 file changed, 29 insertions(+), 29 deletions(-)
+---
+
+From https://github.com/GNOME/libxml2.git
+ commit 646fe48d1c8a74310c409ddf81fe7df6700052af
+
+CVE: CVE-2022-23308
+Upstream-Status: Backport
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+
+diff --git a/valid.c b/valid.c
+index 8e596f1d..9684683a 100644
+--- a/valid.c
++++ b/valid.c
+@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt)
+ return (ret);
+ }
+
+-/**
+- * xmlValidNormalizeString:
+- * @str: a string
+- *
+- * Normalize a string in-place.
+- */
+-static void
+-xmlValidNormalizeString(xmlChar *str) {
+- xmlChar *dst;
+- const xmlChar *src;
+-
+- if (str == NULL)
+- return;
+- src = str;
+- dst = str;
+-
+- while (*src == 0x20) src++;
+- while (*src != 0) {
+- if (*src == 0x20) {
+- while (*src == 0x20) src++;
+- if (*src != 0)
+- *dst++ = 0x20;
+- } else {
+- *dst++ = *src++;
+- }
+- }
+- *dst = 0;
+-}
+-
+ #ifdef DEBUG_VALID_ALGO
+ static void
+ xmlValidPrintNode(xmlNodePtr cur) {
+@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) {
+ (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \
+ xmlFree((char *)(str));
+
++/**
++ * xmlValidNormalizeString:
++ * @str: a string
++ *
++ * Normalize a string in-place.
++ */
++static void
++xmlValidNormalizeString(xmlChar *str) {
++ xmlChar *dst;
++ const xmlChar *src;
++
++ if (str == NULL)
++ return;
++ src = str;
++ dst = str;
++
++ while (*src == 0x20) src++;
++ while (*src != 0) {
++ if (*src == 0x20) {
++ while (*src == 0x20) src++;
++ if (*src != 0)
++ *dst++ = 0x20;
++ } else {
++ *dst++ = *src++;
++ }
++ }
++ *dst = 0;
++}
++
+ static int
+ xmlIsStreaming(xmlValidCtxtPtr ctxt) {
+ xmlParserCtxtPtr pctxt;
+--
+2.35.1
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.13.bb b/meta/recipes-core/libxml/libxml2_2.9.13.bb
index be59aba84b..e361b53bfd 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.13.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.13.bb
@@ -23,6 +23,9 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
file://remove-fuzz-from-ptests.patch \
file://libxml-m4-use-pkgconfig.patch \
"
+# will be in v2.9.14
+#
+SRC_URI += "file://CVE-2022-23308-fix-regression.patch"
SRC_URI[archive.sha256sum] = "276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 19/22] grub: ignore CVE-2021-46705
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (17 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 18/22] libxml2: fix CVE-2022-23308 regression Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 20/22] oeqa/selftest/devtool: ensure Git username is set before upgrade tests Anuj Mittal
` (2 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross@burtonini.com>
This is specific to SUSE Linux.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 594baef3b08d40fbbf1899f4cadeb9931c035c1a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-bsp/grub/grub2.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index a72a562c5a..bdb3e2d999 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -27,6 +27,8 @@ SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae
# Applies only to RHEL
CVE_CHECK_WHITELIST += "CVE-2019-14865"
+# Applies only to SUSE
+CVE_CHECK_WHITELIST += "CVE-2021-46705"
DEPENDS = "flex-native bison-native gettext-native"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 20/22] oeqa/selftest/devtool: ensure Git username is set before upgrade tests
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (18 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 19/22] grub: ignore CVE-2021-46705 Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 21/22] zlib: backport the fix for CVE-2018-25032 Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 22/22] webkitgtk: update to 2.32.4 Anuj Mittal
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross@burtonini.com>
The 'devtool upgrade' tests fail if Git doesn't know the user's name or
email, so verify this before the tests start and skip if it is not.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b4d8aca97a1ead38ce55f3bb5859d3d05d9dd84f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/lib/oeqa/selftest/cases/devtool.py | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index a2b4d7f7d1..1fe0628a44 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -1464,6 +1464,14 @@ class DevtoolExtractTests(DevtoolBase):
class DevtoolUpgradeTests(DevtoolBase):
+ def setUp(self):
+ super().setUp()
+ try:
+ runCmd("git config --global user.name")
+ runCmd("git config --global user.email")
+ except:
+ self.skip("Git user.name and user.email must be set")
+
def test_devtool_upgrade(self):
# Check preconditions
self.assertTrue(not os.path.exists(self.workspacedir), 'This test cannot be run with a workspace directory under the build directory')
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 21/22] zlib: backport the fix for CVE-2018-25032
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (19 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 20/22] oeqa/selftest/devtool: ensure Git username is set before upgrade tests Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 22/22] webkitgtk: update to 2.32.4 Anuj Mittal
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross@burtonini.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../zlib/zlib/CVE-2018-25032.patch | 347 ++++++++++++++++++
meta/recipes-core/zlib/zlib_1.2.11.bb | 1 +
2 files changed, 348 insertions(+)
create mode 100644 meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
diff --git a/meta/recipes-core/zlib/zlib/CVE-2018-25032.patch b/meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
new file mode 100644
index 0000000000..5cb6183641
--- /dev/null
+++ b/meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
@@ -0,0 +1,347 @@
+CVE: CVE-2018-25032
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Tue, 17 Apr 2018 22:09:22 -0700
+Subject: [PATCH] Fix a bug that can crash deflate on some input when using
+ Z_FIXED.
+
+This bug was reported by Danilo Ramos of Eideticom, Inc. It has
+lain in wait 13 years before being found! The bug was introduced
+in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
+option forces the use of fixed Huffman codes. For rare inputs with
+a large number of distant matches, the pending buffer into which
+the compressed data is written can overwrite the distance symbol
+table which it overlays. That results in corrupted output due to
+invalid distances, and can result in out-of-bound accesses,
+crashing the application.
+
+The fix here combines the distance buffer and literal/length
+buffers into a single symbol buffer. Now three bytes of pending
+buffer space are opened up for each literal or length/distance
+pair consumed, instead of the previous two bytes. This assures
+that the pending buffer cannot overwrite the symbol table, since
+the maximum fixed code compressed length/distance is 31 bits, and
+since there are four bytes of pending space for every three bytes
+of symbol space.
+---
+ deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++---------------
+ deflate.h | 25 +++++++++----------
+ trees.c | 50 +++++++++++--------------------------
+ 3 files changed, 79 insertions(+), 70 deletions(-)
+
+diff --git a/deflate.c b/deflate.c
+index 425babc00..19cba873a 100644
+--- a/deflate.c
++++ b/deflate.c
+@@ -255,11 +255,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
+ int wrap = 1;
+ static const char my_version[] = ZLIB_VERSION;
+
+- ushf *overlay;
+- /* We overlay pending_buf and d_buf+l_buf. This works since the average
+- * output size for (length,distance) codes is <= 24 bits.
+- */
+-
+ if (version == Z_NULL || version[0] != my_version[0] ||
+ stream_size != sizeof(z_stream)) {
+ return Z_VERSION_ERROR;
+@@ -329,9 +324,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
+
+ s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
+
+- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
+- s->pending_buf = (uchf *) overlay;
+- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
++ /* We overlay pending_buf and sym_buf. This works since the average size
++ * for length/distance pairs over any compressed block is assured to be 31
++ * bits or less.
++ *
++ * Analysis: The longest fixed codes are a length code of 8 bits plus 5
++ * extra bits, for lengths 131 to 257. The longest fixed distance codes are
++ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest
++ * possible fixed-codes length/distance pair is then 31 bits total.
++ *
++ * sym_buf starts one-fourth of the way into pending_buf. So there are
++ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol
++ * in sym_buf is three bytes -- two for the distance and one for the
++ * literal/length. As each symbol is consumed, the pointer to the next
++ * sym_buf value to read moves forward three bytes. From that symbol, up to
++ * 31 bits are written to pending_buf. The closest the written pending_buf
++ * bits gets to the next sym_buf symbol to read is just before the last
++ * code is written. At that time, 31*(n-2) bits have been written, just
++ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at
++ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1
++ * symbols are written.) The closest the writing gets to what is unread is
++ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and
++ * can range from 128 to 32768.
++ *
++ * Therefore, at a minimum, there are 142 bits of space between what is
++ * written and what is read in the overlain buffers, so the symbols cannot
++ * be overwritten by the compressed data. That space is actually 139 bits,
++ * due to the three-bit fixed-code block header.
++ *
++ * That covers the case where either Z_FIXED is specified, forcing fixed
++ * codes, or when the use of fixed codes is chosen, because that choice
++ * results in a smaller compressed block than dynamic codes. That latter
++ * condition then assures that the above analysis also covers all dynamic
++ * blocks. A dynamic-code block will only be chosen to be emitted if it has
++ * fewer bits than a fixed-code block would for the same set of symbols.
++ * Therefore its average symbol length is assured to be less than 31. So
++ * the compressed data for a dynamic block also cannot overwrite the
++ * symbols from which it is being constructed.
++ */
++
++ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4);
++ s->pending_buf_size = (ulg)s->lit_bufsize * 4;
+
+ if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
+ s->pending_buf == Z_NULL) {
+@@ -340,8 +373,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
+ deflateEnd (strm);
+ return Z_MEM_ERROR;
+ }
+- s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
+- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
++ s->sym_buf = s->pending_buf + s->lit_bufsize;
++ s->sym_end = (s->lit_bufsize - 1) * 3;
++ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K
++ * on 16 bit machines and because stored blocks are restricted to
++ * 64K-1 bytes.
++ */
+
+ s->level = level;
+ s->strategy = strategy;
+@@ -552,7 +589,7 @@ int ZEXPORT deflatePrime (strm, bits, value)
+
+ if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+ s = strm->state;
+- if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3))
++ if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
+ return Z_BUF_ERROR;
+ do {
+ put = Buf_size - s->bi_valid;
+@@ -1113,7 +1150,6 @@ int ZEXPORT deflateCopy (dest, source)
+ #else
+ deflate_state *ds;
+ deflate_state *ss;
+- ushf *overlay;
+
+
+ if (deflateStateCheck(source) || dest == Z_NULL) {
+@@ -1133,8 +1169,7 @@ int ZEXPORT deflateCopy (dest, source)
+ ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
+ ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos));
+ ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos));
+- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
+- ds->pending_buf = (uchf *) overlay;
++ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4);
+
+ if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
+ ds->pending_buf == Z_NULL) {
+@@ -1148,8 +1183,7 @@ int ZEXPORT deflateCopy (dest, source)
+ zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
+
+ ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
+- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
+- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
++ ds->sym_buf = ds->pending_buf + ds->lit_bufsize;
+
+ ds->l_desc.dyn_tree = ds->dyn_ltree;
+ ds->d_desc.dyn_tree = ds->dyn_dtree;
+@@ -1925,7 +1959,7 @@ local block_state deflate_fast(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+@@ -2056,7 +2090,7 @@ local block_state deflate_slow(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+@@ -2131,7 +2165,7 @@ local block_state deflate_rle(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+@@ -2170,7 +2204,7 @@ local block_state deflate_huff(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+diff --git a/deflate.h b/deflate.h
+index 23ecdd312..d4cf1a98b 100644
+--- a/deflate.h
++++ b/deflate.h
+@@ -217,7 +217,7 @@ typedef struct internal_state {
+ /* Depth of each subtree used as tie breaker for trees of equal frequency
+ */
+
+- uchf *l_buf; /* buffer for literals or lengths */
++ uchf *sym_buf; /* buffer for distances and literals/lengths */
+
+ uInt lit_bufsize;
+ /* Size of match buffer for literals/lengths. There are 4 reasons for
+@@ -239,13 +239,8 @@ typedef struct internal_state {
+ * - I can't count above 4
+ */
+
+- uInt last_lit; /* running index in l_buf */
+-
+- ushf *d_buf;
+- /* Buffer for distances. To simplify the code, d_buf and l_buf have
+- * the same number of elements. To use different lengths, an extra flag
+- * array would be necessary.
+- */
++ uInt sym_next; /* running index in sym_buf */
++ uInt sym_end; /* symbol table full when sym_next reaches this */
+
+ ulg opt_len; /* bit length of current block with optimal trees */
+ ulg static_len; /* bit length of current block with static trees */
+@@ -325,20 +320,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf,
+
+ # define _tr_tally_lit(s, c, flush) \
+ { uch cc = (c); \
+- s->d_buf[s->last_lit] = 0; \
+- s->l_buf[s->last_lit++] = cc; \
++ s->sym_buf[s->sym_next++] = 0; \
++ s->sym_buf[s->sym_next++] = 0; \
++ s->sym_buf[s->sym_next++] = cc; \
+ s->dyn_ltree[cc].Freq++; \
+- flush = (s->last_lit == s->lit_bufsize-1); \
++ flush = (s->sym_next == s->sym_end); \
+ }
+ # define _tr_tally_dist(s, distance, length, flush) \
+ { uch len = (uch)(length); \
+ ush dist = (ush)(distance); \
+- s->d_buf[s->last_lit] = dist; \
+- s->l_buf[s->last_lit++] = len; \
++ s->sym_buf[s->sym_next++] = dist; \
++ s->sym_buf[s->sym_next++] = dist >> 8; \
++ s->sym_buf[s->sym_next++] = len; \
+ dist--; \
+ s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
+ s->dyn_dtree[d_code(dist)].Freq++; \
+- flush = (s->last_lit == s->lit_bufsize-1); \
++ flush = (s->sym_next == s->sym_end); \
+ }
+ #else
+ # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
+diff --git a/trees.c b/trees.c
+index 4f4a65011..decaeb7c3 100644
+--- a/trees.c
++++ b/trees.c
+@@ -416,7 +416,7 @@ local void init_block(s)
+
+ s->dyn_ltree[END_BLOCK].Freq = 1;
+ s->opt_len = s->static_len = 0L;
+- s->last_lit = s->matches = 0;
++ s->sym_next = s->matches = 0;
+ }
+
+ #define SMALLEST 1
+@@ -948,7 +948,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last)
+
+ Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
+ opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
+- s->last_lit));
++ s->sym_next / 3));
+
+ if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
+
+@@ -1017,8 +1017,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
+ unsigned dist; /* distance of matched string */
+ unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */
+ {
+- s->d_buf[s->last_lit] = (ush)dist;
+- s->l_buf[s->last_lit++] = (uch)lc;
++ s->sym_buf[s->sym_next++] = dist;
++ s->sym_buf[s->sym_next++] = dist >> 8;
++ s->sym_buf[s->sym_next++] = lc;
+ if (dist == 0) {
+ /* lc is the unmatched char */
+ s->dyn_ltree[lc].Freq++;
+@@ -1033,30 +1034,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
+ s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++;
+ s->dyn_dtree[d_code(dist)].Freq++;
+ }
+-
+-#ifdef TRUNCATE_BLOCK
+- /* Try to guess if it is profitable to stop the current block here */
+- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) {
+- /* Compute an upper bound for the compressed length */
+- ulg out_length = (ulg)s->last_lit*8L;
+- ulg in_length = (ulg)((long)s->strstart - s->block_start);
+- int dcode;
+- for (dcode = 0; dcode < D_CODES; dcode++) {
+- out_length += (ulg)s->dyn_dtree[dcode].Freq *
+- (5L+extra_dbits[dcode]);
+- }
+- out_length >>= 3;
+- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
+- s->last_lit, in_length, out_length,
+- 100L - out_length*100L/in_length));
+- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
+- }
+-#endif
+- return (s->last_lit == s->lit_bufsize-1);
+- /* We avoid equality with lit_bufsize because of wraparound at 64K
+- * on 16 bit machines and because stored blocks are restricted to
+- * 64K-1 bytes.
+- */
++ return (s->sym_next == s->sym_end);
+ }
+
+ /* ===========================================================================
+@@ -1069,13 +1047,14 @@ local void compress_block(s, ltree, dtree)
+ {
+ unsigned dist; /* distance of matched string */
+ int lc; /* match length or unmatched char (if dist == 0) */
+- unsigned lx = 0; /* running index in l_buf */
++ unsigned sx = 0; /* running index in sym_buf */
+ unsigned code; /* the code to send */
+ int extra; /* number of extra bits to send */
+
+- if (s->last_lit != 0) do {
+- dist = s->d_buf[lx];
+- lc = s->l_buf[lx++];
++ if (s->sym_next != 0) do {
++ dist = s->sym_buf[sx++] & 0xff;
++ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8;
++ lc = s->sym_buf[sx++];
+ if (dist == 0) {
+ send_code(s, lc, ltree); /* send a literal byte */
+ Tracecv(isgraph(lc), (stderr," '%c' ", lc));
+@@ -1100,11 +1079,10 @@ local void compress_block(s, ltree, dtree)
+ }
+ } /* literal or match pair ? */
+
+- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
+- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,
+- "pendingBuf overflow");
++ /* Check that the overlay between pending_buf and sym_buf is ok: */
++ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow");
+
+- } while (lx < s->last_lit);
++ } while (sx < s->sym_next);
+
+ send_code(s, END_BLOCK, ltree);
+ }
diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb
index 1c06aa0ab5..11a076e496 100644
--- a/meta/recipes-core/zlib/zlib_1.2.11.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.11.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef6
SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
file://ldflags-tests.patch \
+ file://CVE-2018-25032.patch \
file://run-ptest \
"
UPSTREAM_CHECK_URI = "http://zlib.net/"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [honister][PATCH 22/22] webkitgtk: update to 2.32.4
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
` (20 preceding siblings ...)
2022-04-05 14:41 ` [honister][PATCH 21/22] zlib: backport the fix for CVE-2018-25032 Anuj Mittal
@ 2022-04-05 14:41 ` Anuj Mittal
21 siblings, 0 replies; 23+ messages in thread
From: Anuj Mittal @ 2022-04-05 14:41 UTC (permalink / raw)
To: openembedded-core
From: Chee Yang Lee <chee.yang.lee@intel.com>
This is a bug fix release in the stable 2.32 series.
new in the WebKitGTK 2.32.4 release:
Do not append .asc extension to downloaded text/plain files.
Fix several crashes and rendering issues.
https://webkitgtk.org/2021/09/17/webkitgtk2.32.4-released.html
Also update patch file to fix fuzz.
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../webkitgtk/0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch | 2 +-
.../webkit/{webkitgtk_2.32.3.bb => webkitgtk_2.32.4.bb} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-sato/webkit/{webkitgtk_2.32.3.bb => webkitgtk_2.32.4.bb} (98%)
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch
index 6d7d7067e4..5fc7be8d61 100644
--- a/meta/recipes-sato/webkit/webkitgtk/0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch
@@ -24,7 +24,7 @@ index f316f49..de81ce0 100644
--- a/Source/cmake/OptionsGTK.cmake
+++ b/Source/cmake/OptionsGTK.cmake
@@ -6,6 +6,7 @@ WEBKIT_OPTION_BEGIN()
- SET_PROJECT_VERSION(2 32 3)
+ SET_PROJECT_VERSION(2 32 4)
set(USER_AGENT_BRANDING "" CACHE STRING "Branding to add to user agent string")
+set(THREADS_PREFER_PTHREAD_FLAG ON)
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb b/meta/recipes-sato/webkit/webkitgtk_2.32.4.bb
similarity index 98%
rename from meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
rename to meta/recipes-sato/webkit/webkitgtk_2.32.4.bb
index bab1c17902..3e0ecb4611 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.32.4.bb
@@ -22,7 +22,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://reproducibility.patch \
"
-SRC_URI[sha256sum] = "c1f496f5ac654efe4cef62fbd4f2fbeeef265a07c5e7419e5d2900bfeea52cbc"
+SRC_URI[sha256sum] = "00ce2d3f798d7bc5e9039d9059f0c3c974d51de38c8b716f00e94452a177d3fd"
inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
end of thread, other threads:[~2022-04-05 17:24 UTC | newest]
Thread overview: 23+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-05 14:41 [honister][PATCH 00/22] Patch review Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 01/22] conf/machine: fix QEMU x86 sound options Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 02/22] oe-pkgdata-util: Adapt to the new variable override syntax Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 03/22] linux-firmware: upgrade 20220209 -> 20220310 Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 04/22] devupstream: fix handling of SRC_URI Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 05/22] toaster: Fix broken overrides usage Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 06/22] pseudo: Add patch to workaround paths with crazy lengths Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 07/22] tiff: backport CVE fixes: Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 08/22] linux-yocto: nohz_full boot arg fix Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 09/22] linux-yocto/5.10: split vtpm for more granular inclusion Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 10/22] linux-yocto/5.10: cfg/debug: add configs for kcsan Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 11/22] linux-yocto-rt/5.10: update to -rt61 Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 12/22] linux-yocto/5.10: update to v5.10.107 Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 13/22] gnu-config: update SRC_URI Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 14/22] virglrenderer: " Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 15/22] sanity: Add warning for local hasheqiv server with remote sstate mirrors Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 16/22] libxml2: move to gitlab.gnome.org Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 17/22] libxml2: update to 2.9.13 Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 18/22] libxml2: fix CVE-2022-23308 regression Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 19/22] grub: ignore CVE-2021-46705 Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 20/22] oeqa/selftest/devtool: ensure Git username is set before upgrade tests Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 21/22] zlib: backport the fix for CVE-2018-25032 Anuj Mittal
2022-04-05 14:41 ` [honister][PATCH 22/22] webkitgtk: update to 2.32.4 Anuj Mittal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.