* [hardknott][PATCH 01/17] ruby: Security fixes for CVE-2021-31810/CVE-2021-32066
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 02/17] ruby: fix CVE-2021-31799 Anuj Mittal
` (15 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Yi Zhao <yi.zhao@windriver.com>
CVE-2021-31810:
A malicious FTP server can use the PASV response to trick Net::FTP into
connecting back to a given IP address and port. This potentially makes
Net::FTP extract information about services that are otherwise private
and not disclosed (e.g., the attacker can conduct port scans and service
banner extractions).
CVE-2021-32066:
Net::IMAP does not raise an exception when StartTLS fails with an
unknown response, which might allow man-in-the-middle attackers to
bypass the TLS protections by leveraging a network position between the
client and the registry to block the StartTLS command, aka a “StartTLS
stripping attack.”
References:
https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
Patches from:
https://github.com/ruby/ruby/commit/bf4d05173c7cf04d8892e4b64508ecf7902717cd
https://github.com/ruby/ruby/commit/e2ac25d0eb66de99f098d6669cf4f06796aa6256
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../ruby/ruby/CVE-2021-31810.patch | 258 ++++++++++++++++++
.../ruby/ruby/CVE-2021-32066.patch | 102 +++++++
meta/recipes-devtools/ruby/ruby_3.0.1.bb | 2 +
3 files changed, 362 insertions(+)
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2021-31810.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2021-32066.patch
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2021-31810.patch b/meta/recipes-devtools/ruby/ruby/CVE-2021-31810.patch
new file mode 100644
index 0000000000..69d774e0b7
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2021-31810.patch
@@ -0,0 +1,258 @@
+From 8cebc092cd18f4cfb669f66018ea8ffc6f408584 Mon Sep 17 00:00:00 2001
+From: Yusuke Endoh <mame@ruby-lang.org>
+Date: Wed, 7 Jul 2021 11:57:15 +0900
+Subject: [PATCH] Ignore IP addresses in PASV responses by default, and add new
+ option use_pasv_ip
+
+This fixes CVE-2021-31810.
+Reported by Alexandr Savca.
+
+Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
+
+CVE: CVE-2021-31810
+
+Upstream-Status: Backport
+[https://github.com/ruby/ruby/commit/bf4d05173c7cf04d8892e4b64508ecf7902717cd]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ lib/net/ftp.rb | 15 +++-
+ test/net/ftp/test_ftp.rb | 159 ++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 170 insertions(+), 4 deletions(-)
+
+diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb
+index 88e8655..d6f5cc3 100644
+--- a/lib/net/ftp.rb
++++ b/lib/net/ftp.rb
+@@ -98,6 +98,10 @@ module Net
+ # When +true+, the connection is in passive mode. Default: +true+.
+ attr_accessor :passive
+
++ # When +true+, use the IP address in PASV responses. Otherwise, it uses
++ # the same IP address for the control connection. Default: +false+.
++ attr_accessor :use_pasv_ip
++
+ # When +true+, all traffic to and from the server is written
+ # to +$stdout+. Default: +false+.
+ attr_accessor :debug_mode
+@@ -206,6 +210,9 @@ module Net
+ # handshake.
+ # See Net::FTP#ssl_handshake_timeout for
+ # details. Default: +nil+.
++ # use_pasv_ip:: When +true+, use the IP address in PASV responses.
++ # Otherwise, it uses the same IP address for the control
++ # connection. Default: +false+.
+ # debug_mode:: When +true+, all traffic to and from the server is
+ # written to +$stdout+. Default: +false+.
+ #
+@@ -266,6 +273,7 @@ module Net
+ @open_timeout = options[:open_timeout]
+ @ssl_handshake_timeout = options[:ssl_handshake_timeout]
+ @read_timeout = options[:read_timeout] || 60
++ @use_pasv_ip = options[:use_pasv_ip] || false
+ if host
+ connect(host, options[:port] || FTP_PORT)
+ if options[:username]
+@@ -1371,7 +1379,12 @@ module Net
+ raise FTPReplyError, resp
+ end
+ if m = /\((?<host>\d+(?:,\d+){3}),(?<port>\d+,\d+)\)/.match(resp)
+- return parse_pasv_ipv4_host(m["host"]), parse_pasv_port(m["port"])
++ if @use_pasv_ip
++ host = parse_pasv_ipv4_host(m["host"])
++ else
++ host = @bare_sock.remote_address.ip_address
++ end
++ return host, parse_pasv_port(m["port"])
+ else
+ raise FTPProtoError, resp
+ end
+diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb
+index 023e794..243d4ad 100644
+--- a/test/net/ftp/test_ftp.rb
++++ b/test/net/ftp/test_ftp.rb
+@@ -61,7 +61,7 @@ class FTPTest < Test::Unit::TestCase
+ end
+
+ def test_parse227
+- ftp = Net::FTP.new
++ ftp = Net::FTP.new(nil, use_pasv_ip: true)
+ host, port = ftp.send(:parse227, "227 Entering Passive Mode (192,168,0,1,12,34)")
+ assert_equal("192.168.0.1", host)
+ assert_equal(3106, port)
+@@ -80,6 +80,14 @@ class FTPTest < Test::Unit::TestCase
+ assert_raise(Net::FTPProtoError) do
+ ftp.send(:parse227, "227 ) foo bar (")
+ end
++
++ ftp = Net::FTP.new
++ sock = OpenStruct.new
++ sock.remote_address = OpenStruct.new
++ sock.remote_address.ip_address = "10.0.0.1"
++ ftp.instance_variable_set(:@bare_sock, sock)
++ host, port = ftp.send(:parse227, "227 Entering Passive Mode (192,168,0,1,12,34)")
++ assert_equal("10.0.0.1", host)
+ end
+
+ def test_parse228
+@@ -2474,10 +2482,155 @@ EOF
+ end
+ end
+
++ def test_ignore_pasv_ip
++ commands = []
++ binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3
++ server = create_ftp_server(nil, "127.0.0.1") { |sock|
++ sock.print("220 (test_ftp).\r\n")
++ commands.push(sock.gets)
++ sock.print("331 Please specify the password.\r\n")
++ commands.push(sock.gets)
++ sock.print("230 Login successful.\r\n")
++ commands.push(sock.gets)
++ sock.print("200 Switching to Binary mode.\r\n")
++ line = sock.gets
++ commands.push(line)
++ data_server = TCPServer.new("127.0.0.1", 0)
++ port = data_server.local_address.ip_port
++ sock.printf("227 Entering Passive Mode (999,0,0,1,%s).\r\n",
++ port.divmod(256).join(","))
++ commands.push(sock.gets)
++ sock.print("150 Opening BINARY mode data connection for foo (#{binary_data.size} bytes)\r\n")
++ conn = data_server.accept
++ binary_data.scan(/.{1,1024}/nm) do |s|
++ conn.print(s)
++ end
++ conn.shutdown(Socket::SHUT_WR)
++ conn.read
++ conn.close
++ data_server.close
++ sock.print("226 Transfer complete.\r\n")
++ }
++ begin
++ begin
++ ftp = Net::FTP.new
++ ftp.passive = true
++ ftp.read_timeout *= 5 if defined?(RubyVM::MJIT) && RubyVM::MJIT.enabled? # for --jit-wait
++ ftp.connect("127.0.0.1", server.port)
++ ftp.login
++ assert_match(/\AUSER /, commands.shift)
++ assert_match(/\APASS /, commands.shift)
++ assert_equal("TYPE I\r\n", commands.shift)
++ buf = ftp.getbinaryfile("foo", nil)
++ assert_equal(binary_data, buf)
++ assert_equal(Encoding::ASCII_8BIT, buf.encoding)
++ assert_equal("PASV\r\n", commands.shift)
++ assert_equal("RETR foo\r\n", commands.shift)
++ assert_equal(nil, commands.shift)
++ ensure
++ ftp.close if ftp
++ end
++ ensure
++ server.close
++ end
++ end
++
++ def test_use_pasv_ip
++ commands = []
++ binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3
++ server = create_ftp_server(nil, "127.0.0.1") { |sock|
++ sock.print("220 (test_ftp).\r\n")
++ commands.push(sock.gets)
++ sock.print("331 Please specify the password.\r\n")
++ commands.push(sock.gets)
++ sock.print("230 Login successful.\r\n")
++ commands.push(sock.gets)
++ sock.print("200 Switching to Binary mode.\r\n")
++ line = sock.gets
++ commands.push(line)
++ data_server = TCPServer.new("127.0.0.1", 0)
++ port = data_server.local_address.ip_port
++ sock.printf("227 Entering Passive Mode (127,0,0,1,%s).\r\n",
++ port.divmod(256).join(","))
++ commands.push(sock.gets)
++ sock.print("150 Opening BINARY mode data connection for foo (#{binary_data.size} bytes)\r\n")
++ conn = data_server.accept
++ binary_data.scan(/.{1,1024}/nm) do |s|
++ conn.print(s)
++ end
++ conn.shutdown(Socket::SHUT_WR)
++ conn.read
++ conn.close
++ data_server.close
++ sock.print("226 Transfer complete.\r\n")
++ }
++ begin
++ begin
++ ftp = Net::FTP.new
++ ftp.passive = true
++ ftp.use_pasv_ip = true
++ ftp.read_timeout *= 5 if defined?(RubyVM::MJIT) && RubyVM::MJIT.enabled? # for --jit-wait
++ ftp.connect("127.0.0.1", server.port)
++ ftp.login
++ assert_match(/\AUSER /, commands.shift)
++ assert_match(/\APASS /, commands.shift)
++ assert_equal("TYPE I\r\n", commands.shift)
++ buf = ftp.getbinaryfile("foo", nil)
++ assert_equal(binary_data, buf)
++ assert_equal(Encoding::ASCII_8BIT, buf.encoding)
++ assert_equal("PASV\r\n", commands.shift)
++ assert_equal("RETR foo\r\n", commands.shift)
++ assert_equal(nil, commands.shift)
++ ensure
++ ftp.close if ftp
++ end
++ ensure
++ server.close
++ end
++ end
++
++ def test_use_pasv_invalid_ip
++ commands = []
++ binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3
++ server = create_ftp_server(nil, "127.0.0.1") { |sock|
++ sock.print("220 (test_ftp).\r\n")
++ commands.push(sock.gets)
++ sock.print("331 Please specify the password.\r\n")
++ commands.push(sock.gets)
++ sock.print("230 Login successful.\r\n")
++ commands.push(sock.gets)
++ sock.print("200 Switching to Binary mode.\r\n")
++ line = sock.gets
++ commands.push(line)
++ sock.print("227 Entering Passive Mode (999,0,0,1,48,57).\r\n")
++ commands.push(sock.gets)
++ }
++ begin
++ begin
++ ftp = Net::FTP.new
++ ftp.passive = true
++ ftp.use_pasv_ip = true
++ ftp.read_timeout *= 5 if defined?(RubyVM::MJIT) && RubyVM::MJIT.enabled? # for --jit-wait
++ ftp.connect("127.0.0.1", server.port)
++ ftp.login
++ assert_match(/\AUSER /, commands.shift)
++ assert_match(/\APASS /, commands.shift)
++ assert_equal("TYPE I\r\n", commands.shift)
++ assert_raise(SocketError) do
++ ftp.getbinaryfile("foo", nil)
++ end
++ ensure
++ ftp.close if ftp
++ end
++ ensure
++ server.close
++ end
++ end
++
+ private
+
+- def create_ftp_server(sleep_time = nil)
+- server = TCPServer.new(SERVER_ADDR, 0)
++ def create_ftp_server(sleep_time = nil, addr = SERVER_ADDR)
++ server = TCPServer.new(addr, 0)
+ @thread = Thread.start do
+ if sleep_time
+ sleep(sleep_time)
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2021-32066.patch b/meta/recipes-devtools/ruby/ruby/CVE-2021-32066.patch
new file mode 100644
index 0000000000..b78a74a4b5
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2021-32066.patch
@@ -0,0 +1,102 @@
+From e2ac25d0eb66de99f098d6669cf4f06796aa6256 Mon Sep 17 00:00:00 2001
+From: Shugo Maeda <shugo@ruby-lang.org>
+Date: Tue, 11 May 2021 10:31:27 +0900
+Subject: [PATCH] Fix StartTLS stripping vulnerability
+
+This fixes CVE-2021-32066.
+Reported by Alexandr Savca in <https://hackerone.com/reports/1178562>.
+
+CVE: CVE-2021-32066
+
+Upstream-Status: Backport
+[https://github.com/ruby/ruby/commit/e2ac25d0eb66de99f098d6669cf4f06796aa6256]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ lib/net/imap.rb | 8 +++++++-
+ test/net/imap/test_imap.rb | 31 +++++++++++++++++++++++++++++++
+ 2 files changed, 38 insertions(+), 1 deletion(-)
+
+diff --git a/lib/net/imap.rb b/lib/net/imap.rb
+index 505b4c8950..d45304f289 100644
+--- a/lib/net/imap.rb
++++ b/lib/net/imap.rb
+@@ -1218,12 +1218,14 @@ def get_tagged_response(tag, cmd)
+ end
+ resp = @tagged_responses.delete(tag)
+ case resp.name
++ when /\A(?:OK)\z/ni
++ return resp
+ when /\A(?:NO)\z/ni
+ raise NoResponseError, resp
+ when /\A(?:BAD)\z/ni
+ raise BadResponseError, resp
+ else
+- return resp
++ raise UnknownResponseError, resp
+ end
+ end
+
+@@ -3719,6 +3721,10 @@ class BadResponseError < ResponseError
+ class ByeResponseError < ResponseError
+ end
+
++ # Error raised upon an unknown response from the server.
++ class UnknownResponseError < ResponseError
++ end
++
+ RESPONSE_ERRORS = Hash.new(ResponseError)
+ RESPONSE_ERRORS["NO"] = NoResponseError
+ RESPONSE_ERRORS["BAD"] = BadResponseError
+diff --git a/test/net/imap/test_imap.rb b/test/net/imap/test_imap.rb
+index 8b924b524e..85fb71d440 100644
+--- a/test/net/imap/test_imap.rb
++++ b/test/net/imap/test_imap.rb
+@@ -127,6 +127,16 @@ def test_starttls
+ imap.disconnect
+ end
+ end
++
++ def test_starttls_stripping
++ starttls_stripping_test do |port|
++ imap = Net::IMAP.new("localhost", :port => port)
++ assert_raise(Net::IMAP::UnknownResponseError) do
++ imap.starttls(:ca_file => CA_FILE)
++ end
++ imap
++ end
++ end
+ end
+
+ def start_server
+@@ -834,6 +844,27 @@ def starttls_test
+ end
+ end
+
++ def starttls_stripping_test
++ server = create_tcp_server
++ port = server.addr[1]
++ start_server do
++ sock = server.accept
++ begin
++ sock.print("* OK test server\r\n")
++ sock.gets
++ sock.print("RUBY0001 BUG unhandled command\r\n")
++ ensure
++ sock.close
++ server.close
++ end
++ end
++ begin
++ imap = yield(port)
++ ensure
++ imap.disconnect if imap && !imap.disconnected?
++ end
++ end
++
+ def create_tcp_server
+ return TCPServer.new(server_addr, 0)
+ end
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/ruby/ruby_3.0.1.bb b/meta/recipes-devtools/ruby/ruby_3.0.1.bb
index 944cb81c1d..ae953a0a89 100644
--- a/meta/recipes-devtools/ruby/ruby_3.0.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.0.1.bb
@@ -6,6 +6,8 @@ SRC_URI += " \
file://remove_has_include_macros.patch \
file://run-ptest \
file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \
+ file://CVE-2021-31810.patch \
+ file://CVE-2021-32066.patch \
"
SRC_URI[sha256sum] = "369825db2199f6aeef16b408df6a04ebaddb664fb9af0ec8c686b0ce7ab77727"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 02/17] ruby: fix CVE-2021-31799
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 01/17] ruby: Security fixes for CVE-2021-31810/CVE-2021-32066 Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 03/17] sqlite3: fix CVE-2021-36690 Anuj Mittal
` (14 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Mingli Yu <mingli.yu@windriver.com>
Backport a patch to fix CVE-2021-31799.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../ruby/ruby/CVE-2021-31799.patch | 57 +++++++++++++++++++
meta/recipes-devtools/ruby/ruby_3.0.1.bb | 1 +
2 files changed, 58 insertions(+)
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch b/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch
new file mode 100644
index 0000000000..83064e85ab
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch
@@ -0,0 +1,57 @@
+From b1c73f239fe9af97de837331849f55d67c27561e Mon Sep 17 00:00:00 2001
+From: aycabta <aycabta@gmail.com>
+Date: Sun, 2 May 2021 20:52:23 +0900
+Subject: [PATCH] [ruby/rdoc] Use File.open to fix the OS Command Injection
+ vulnerability in CVE-2021-31799
+
+https://github.com/ruby/rdoc/commit/a7f5d6ab88
+
+CVE: CVE-2021-31799
+
+Upstream-Status: Backport[https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ lib/rdoc/rdoc.rb | 2 +-
+ test/rdoc/test_rdoc_rdoc.rb | 12 ++++++++++++
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
+index 680a8612f7..904625f105 100644
+--- a/lib/rdoc/rdoc.rb
++++ b/lib/rdoc/rdoc.rb
+@@ -444,7 +444,7 @@ def remove_unparseable files
+ files.reject do |file, *|
+ file =~ /\.(?:class|eps|erb|scpt\.txt|svg|ttf|yml)$/i or
+ (file =~ /tags$/i and
+- open(file, 'rb') { |io|
++ File.open(file, 'rb') { |io|
+ io.read(100) =~ /\A(\f\n[^,]+,\d+$|!_TAG_)/
+ })
+ end
+diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb
+index 3910dd4656..a83d5a1b88 100644
+--- a/test/rdoc/test_rdoc_rdoc.rb
++++ b/test/rdoc/test_rdoc_rdoc.rb
+@@ -456,6 +456,18 @@ def test_remove_unparseable_tags_vim
+ end
+ end
+
++ def test_remove_unparseable_CVE_2021_31799
++ temp_dir do
++ file_list = ['| touch evil.txt && echo tags']
++ file_list.each do |f|
++ FileUtils.touch f
++ end
++
++ assert_equal file_list, @rdoc.remove_unparseable(file_list)
++ assert_equal file_list, Dir.children('.')
++ end
++ end
++
+ def test_setup_output_dir
+ Dir.mktmpdir {|d|
+ path = File.join d, 'testdir'
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/ruby/ruby_3.0.1.bb b/meta/recipes-devtools/ruby/ruby_3.0.1.bb
index ae953a0a89..4ac7383a97 100644
--- a/meta/recipes-devtools/ruby/ruby_3.0.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.0.1.bb
@@ -8,6 +8,7 @@ SRC_URI += " \
file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \
file://CVE-2021-31810.patch \
file://CVE-2021-32066.patch \
+ file://CVE-2021-31799.patch \
"
SRC_URI[sha256sum] = "369825db2199f6aeef16b408df6a04ebaddb664fb9af0ec8c686b0ce7ab77727"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 03/17] sqlite3: fix CVE-2021-36690
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 01/17] ruby: Security fixes for CVE-2021-31810/CVE-2021-32066 Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 02/17] ruby: fix CVE-2021-31799 Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 04/17] apr: Security fix for CVE-2021-35940 Anuj Mittal
` (13 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Changqing Li <changqing.li@windriver.com>
refer:
https://nvd.nist.gov/vuln/detail/CVE-2021-36690
https://www.sqlite.org/forum/forumpost/718c0a8d17
https://sqlite.org/src/info/b1e0c22ec981cf5f
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../sqlite/sqlite3/CVE-2021-36690.patch | 62 +++++++++++++++++++
meta/recipes-support/sqlite/sqlite3_3.35.0.bb | 4 +-
2 files changed, 65 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2021-36690.patch
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2021-36690.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2021-36690.patch
new file mode 100644
index 0000000000..d383696e42
--- /dev/null
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2021-36690.patch
@@ -0,0 +1,62 @@
+From c286324a7ff1e98355b638fb821614a65ee03c0c Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Tue, 14 Sep 2021 11:28:54 +0800
+Subject: [PATCH] Fix an issue with the SQLite Expert extension when a column
+ has no collating sequence. Forum post 78165fa250.
+
+Upstream-Status: Backport [https://sqlite.org/src/info/b1e0c22ec981cf5f]
+CVE: CVE-2021-36690
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ shell.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/shell.c b/shell.c
+index de8a665..69a5c05 100644
+--- a/shell.c
++++ b/shell.c
+@@ -9054,11 +9054,13 @@ static int idxGetTableInfo(
+ rc = idxPrintfPrepareStmt(db, &p1, pzErrmsg, "PRAGMA table_xinfo=%Q", zTab);
+ while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(p1) ){
+ const char *zCol = (const char*)sqlite3_column_text(p1, 1);
++ const char *zColSeq = 0;
+ nByte += 1 + STRLEN(zCol);
+ rc = sqlite3_table_column_metadata(
+- db, "main", zTab, zCol, 0, &zCol, 0, 0, 0
++ db, "main", zTab, zCol, 0, &zColSeq, 0, 0, 0
+ );
+- nByte += 1 + STRLEN(zCol);
++ if( zColSeq==0 ) zColSeq = "binary";
++ nByte += 1 + STRLEN(zColSeq);
+ nCol++;
+ nPk += (sqlite3_column_int(p1, 5)>0);
+ }
+@@ -9078,6 +9080,7 @@ static int idxGetTableInfo(
+ nCol = 0;
+ while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(p1) ){
+ const char *zCol = (const char*)sqlite3_column_text(p1, 1);
++ const char *zColSeq = 0;
+ int nCopy = STRLEN(zCol) + 1;
+ pNew->aCol[nCol].zName = pCsr;
+ pNew->aCol[nCol].iPk = (sqlite3_column_int(p1, 5)==1 && nPk==1);
+@@ -9085,12 +9088,13 @@ static int idxGetTableInfo(
+ pCsr += nCopy;
+
+ rc = sqlite3_table_column_metadata(
+- db, "main", zTab, zCol, 0, &zCol, 0, 0, 0
++ db, "main", zTab, zCol, 0, &zColSeq, 0, 0, 0
+ );
+ if( rc==SQLITE_OK ){
+- nCopy = STRLEN(zCol) + 1;
++ if( zColSeq==0 ) zColSeq = "binary";
++ nCopy = STRLEN(zColSeq) + 1;
+ pNew->aCol[nCol].zColl = pCsr;
+- memcpy(pCsr, zCol, nCopy);
++ memcpy(pCsr, zColSeq, nCopy);
+ pCsr += nCopy;
+ }
+
+--
+2.17.1
+
diff --git a/meta/recipes-support/sqlite/sqlite3_3.35.0.bb b/meta/recipes-support/sqlite/sqlite3_3.35.0.bb
index 127065bbc1..8b2732640f 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.35.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.35.0.bb
@@ -3,7 +3,9 @@ require sqlite3.inc
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
-SRC_URI = "http://www.sqlite.org/2021/sqlite-autoconf-${SQLITE_PV}.tar.gz"
+SRC_URI = "http://www.sqlite.org/2021/sqlite-autoconf-${SQLITE_PV}.tar.gz \
+ file://CVE-2021-36690.patch \
+"
SRC_URI[sha256sum] = "3dfb3f143c83695a555c7dd9e06ed924f9d273c287989874e102656724baf2d0"
# -19242 is only an issue in specific development branch commits
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 04/17] apr: Security fix for CVE-2021-35940
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (2 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 03/17] sqlite3: fix CVE-2021-36690 Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 05/17] mc: fix CVE-2021-36370 Anuj Mittal
` (12 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Armin Kuster <akuster808@gmail.com>
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed
compared to 1.6.3 and is vulnerable to the same issue.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d52b78c75323fb254b5d0216f9183573b353abd3)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../apr/apr/CVE-2021-35940.patch | 58 +++++++++++++++++++
meta/recipes-support/apr/apr_1.7.0.bb | 1 +
2 files changed, 59 insertions(+)
create mode 100644 meta/recipes-support/apr/apr/CVE-2021-35940.patch
diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
new file mode 100644
index 0000000000..00befdacee
--- /dev/null
+++ b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
@@ -0,0 +1,58 @@
+
+SECURITY: CVE-2021-35940 (cve.mitre.org)
+
+Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
+was addressed in 1.6.x in 1.6.3 and later via r1807976.
+
+The fix was merged back to 1.7.x in r1891198.
+
+Since this was a regression in 1.7.0, a new CVE name has been assigned
+to track this, CVE-2021-35940.
+
+Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue.
+
+https://svn.apache.org/viewvc?view=revision&revision=1891198
+
+Upstream-Status: Backport
+CVE: CVE-2021-35940
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+
+Index: time/unix/time.c
+===================================================================
+--- a/time/unix/time.c (revision 1891197)
++++ b/time/unix/time.c (revision 1891198)
+@@ -142,6 +142,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+
++ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++ return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+
+ if (xt->tm_mon < 2)
+Index: time/win32/time.c
+===================================================================
+--- a/time/win32/time.c (revision 1891197)
++++ b/time/win32/time.c (revision 1891198)
+@@ -54,6 +54,9 @@
+ static const int dayoffset[12] =
+ {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+
++ if (tm->wMonth < 1 || tm->wMonth > 12)
++ return APR_EBADDATE;
++
+ /* Note; the caller is responsible for filling in detailed tm_usec,
+ * tm_gmtoff and tm_isdst data when applicable.
+ */
+@@ -228,6 +231,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+
++ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++ return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+
+ if (xt->tm_mon < 2)
diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb
index 82317396cd..b70edfaf42 100644
--- a/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/meta/recipes-support/apr/apr_1.7.0.bb
@@ -24,6 +24,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
file://libtoolize_check.patch \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
file://autoconf270.patch \
+ file://CVE-2021-35940.patch \
"
SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 05/17] mc: fix CVE-2021-36370
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (3 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 04/17] apr: Security fix for CVE-2021-35940 Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 06/17] squashfs-tools: fix CVE-2021-40153 Anuj Mittal
` (11 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Kai Kang <kai.kang@windriver.com>
Backport patch to fix CVE-2021-36370.
CVE: CVE-2021-36370
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../mc/files/CVE-2021-36370.patch | 609 ++++++++++++++++++
meta/recipes-extended/mc/mc_4.8.26.bb | 1 +
2 files changed, 610 insertions(+)
create mode 100644 meta/recipes-extended/mc/files/CVE-2021-36370.patch
diff --git a/meta/recipes-extended/mc/files/CVE-2021-36370.patch b/meta/recipes-extended/mc/files/CVE-2021-36370.patch
new file mode 100644
index 0000000000..d6a26871bd
--- /dev/null
+++ b/meta/recipes-extended/mc/files/CVE-2021-36370.patch
@@ -0,0 +1,609 @@
+Backport patch to fix CVE-2021-36370.
+
+Upstream-Status: Backport [https://github.com/MidnightCommander/mc/commit/9235d3c]
+CVE: CVE-2021-36370
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 9235d3c232d13ad7f973346077c9cf2eaa77dc5f Mon Sep 17 00:00:00 2001
+From: Andrew Borodin <aborodin@vmail.ru>
+Date: Mon, 12 Jul 2021 08:48:18 +0300
+Subject: [PATCH] SFTPFS: verify server fingerprint (fix CVE-2021-36370).
+
+Use ~/.ssh/known_hosts file to verify server fingerprint
+using ssh way:
+
+$ ssh localhost
+The authenticity of host 'localhost (127.0.0.1)' can't be established.
+ED25519 key fingerprint is SHA256:FzqKTNTroFuNUj1wUzSeV2x/1lpcESnT0ZRCmq5H6o8.
+Are you sure you want to continue connecting (yes/no)? no
+ssh: Host key verification failed.
+
+$ ssh localhost
+The authenticity of host 'localhost (127.0.0.1)' can't be established.
+ED25519 key fingerprint is SHA256:FzqKTNTroFuNUj1wUzSeV2x/1lpcESnT0ZRCmq5H6o8.
+Are you sure you want to continue connecting (yes/no)? yes
+Warning: Permanently added 'localhost' (ED25519) to the list of known hosts.
+andrew@localhost's password:
+
+Thanks the Curl project for the used code.
+
+Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
+Signed-off-by: Yury V. Zaytsev <yury.zaytsev@moneymeets.com>
+---
+ doc/man/mc.1.in | 15 ++
+ doc/man/ru/mc.1.in | 14 ++
+ src/vfs/sftpfs/connection.c | 428 +++++++++++++++++++++++++++++++++++-
+ src/vfs/sftpfs/internal.h | 5 +-
+ 4 files changed, 452 insertions(+), 10 deletions(-)
+
+diff --git a/doc/man/mc.1.in b/doc/man/mc.1.in
+index c0c06e32f7..7a3d118384 100644
+--- a/doc/man/mc.1.in
++++ b/doc/man/mc.1.in
+@@ -3364,6 +3364,21 @@ Examples:
+ sftp://joe@noncompressed.ssh.edu/private
+ sftp://joe@somehost.ssh.edu:2222/private
+ .fi
++.PP
++When establishing the connection, server key fingerprint is verified using
++the ~/.ssh/known_hosts file. If the host/key pair is not found or the host is found,
++but the key doesn't match, an appropriate message is shown.
++There are three buttons in the message dialog:
++.PP
++.B [Yes]
++add new host/key pair to the ~/.ssh/known_hosts file and continue.
++.PP
++.B [Ignore]
++do not add new host/key pair to the ~/.ssh/known_hosts file, but continue
++nevertheless (at you own risk).
++.PP
++.B [No]
++abort connection.
+ .\"NODE " Undelete File System"
+ .SH " Undelete File System"
+ On Linux systems, if you asked configure to use the ext2fs undelete
+diff --git a/doc/man/ru/mc.1.in b/doc/man/ru/mc.1.in
+index 7609da1127..bc0c1810a9 100644
+--- a/doc/man/ru/mc.1.in
++++ b/doc/man/ru/mc.1.in
+@@ -3874,6 +3874,20 @@ bash\-совместимая оболочка shell.
+ sftp://joe@noncompressed.ssh.edu/private
+ sftp://joe@somehost.ssh.edu:2222/private
+ .fi
++При установлении соединения происходит проверка ключа сервера с использованием
++файла ~/.ssh/known_hosts file. Если пара сервер/ключ в этом файле не найдена
++или сервер найден, но ключ не соответствует, пользователю показывается
++окно с соответствующим сообщением, содержащее три кнопки:
++.PP
++.B [Да]
++добавить новую пару сервер/ключ в файл ~/.ssh/known_hosts и продолжить соединение.
++.PP
++.B [Игнорировать]
++не добавлять новую пару сервер/ключ в файл ~/.ssh/known_hosts и всё равно
++продолжить соединение (на свой страх и риск).
++.PP
++.B [Нет]
++прервать соединение.
+ .\"NODE " Undelete File System"
+ .SH " Файловая система UFS (Undelete File System)"
+ В ОС Linux можно сконфигурировать файловую систему ext2fs, используемую
+diff --git a/src/vfs/sftpfs/connection.c b/src/vfs/sftpfs/connection.c
+index 9f8ea5633b..acd5026515 100644
+--- a/src/vfs/sftpfs/connection.c
++++ b/src/vfs/sftpfs/connection.c
+@@ -42,6 +42,8 @@
+ #include "lib/util.h"
+ #include "lib/tty/tty.h" /* tty_enable_interrupt_key () */
+ #include "lib/vfs/utilvfs.h"
++#include "lib/mcconfig.h" /* mc_config_get_home_dir () */
++#include "lib/widget.h" /* query_dialog () */
+
+ #include "internal.h"
+
+@@ -49,10 +51,37 @@
+
+ /*** file scope macro definitions ****************************************************************/
+
++#define SHA1_DIGEST_LENGTH 20
++
+ /*** file scope type declarations ****************************************************************/
+
+ /*** file scope variables ************************************************************************/
+
++#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519
++static const char *const hostkey_method_ssh_ed25519 = "ssh-ed25519";
++#endif
++#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_521
++static const char *const hostkey_method_ssh_ecdsa_521 = "ecdsa-sha2-nistp521";
++#endif
++#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_384
++static const char *const hostkey_method_ssh_ecdsa_384 = "ecdsa-sha2-nistp384";
++#endif
++#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256
++static const char *const hostkey_method_ssh_ecdsa_256 = "ecdsa-sha2-nistp256";
++#endif
++static const char *const hostkey_method_ssh_rsa = "ssh-rsa";
++static const char *const hostkey_method_ssh_dss = "ssh-dss";
++
++/**
++ *
++ * The current implementation of know host key checking has following limitations:
++ *
++ * - Only plain-text entries are supported (`HashKnownHosts no` OpenSSH option)
++ * - Only HEX-encoded SHA1 fingerprint display is supported (`FingerprintHash` OpenSSH option)
++ * - Resolved IP addresses are *not* saved/validated along with the hostnames
++ *
++ */
++
+ static const char *kbi_passwd = NULL;
+ static const struct vfs_s_super *kbi_super = NULL;
+
+@@ -70,9 +99,12 @@ static const struct vfs_s_super *kbi_super = NULL;
+ static int
+ sftpfs_open_socket (struct vfs_s_super *super, GError ** mcerror)
+ {
++ sftpfs_super_t *sftpfs_super = SFTP_SUPER (super);
+ struct addrinfo hints, *res = NULL, *curr_res;
+ int my_socket = 0;
+ char port[BUF_TINY];
++ static char address_ipv4[INET_ADDRSTRLEN];
++ static char address_ipv6[INET6_ADDRSTRLEN];
+ int e;
+
+ mc_return_val_if_error (mcerror, LIBSSH2_INVALID_SOCKET);
+@@ -120,6 +152,30 @@ sftpfs_open_socket (struct vfs_s_super *super, GError ** mcerror)
+ {
+ int save_errno;
+
++ switch (curr_res->ai_addr->sa_family)
++ {
++ case AF_INET:
++ sftpfs_super->ip_address =
++ inet_ntop (AF_INET, &((struct sockaddr_in *) curr_res->ai_addr)->sin_addr,
++ address_ipv4, INET_ADDRSTRLEN);
++ break;
++ case AF_INET6:
++ sftpfs_super->ip_address =
++ inet_ntop (AF_INET6, &((struct sockaddr_in6 *) curr_res->ai_addr)->sin6_addr,
++ address_ipv6, INET6_ADDRSTRLEN);
++ break;
++ default:
++ sftpfs_super->ip_address = NULL;
++ }
++
++ if (sftpfs_super->ip_address == NULL)
++ {
++ mc_propagate_error (mcerror, 0, "%s",
++ _("sftp: failed to convert remote host IP address into text form"));
++ my_socket = LIBSSH2_INVALID_SOCKET;
++ goto ret;
++ }
++
+ my_socket = socket (curr_res->ai_family, curr_res->ai_socktype, curr_res->ai_protocol);
+
+ if (my_socket < 0)
+@@ -161,8 +217,358 @@ sftpfs_open_socket (struct vfs_s_super *super, GError ** mcerror)
+ }
+
+ /* --------------------------------------------------------------------------------------------- */
++
++/**
++ * Read ~/.ssh/known_hosts file.
++ *
++ * @param super connection data
++ * @param mcerror pointer to the error handler
++ * @return TRUE on success, FALSE otherwise
++ *
++ * Thanks the Curl project for the code used in this function.
++ */
++static gboolean
++sftpfs_read_known_hosts (struct vfs_s_super *super, GError ** mcerror)
++{
++ sftpfs_super_t *sftpfs_super = SFTP_SUPER (super);
++ struct libssh2_knownhost *store = NULL;
++ int rc;
++ gboolean found = FALSE;
++
++ sftpfs_super->known_hosts = libssh2_knownhost_init (sftpfs_super->session);
++ if (sftpfs_super->known_hosts == NULL)
++ goto err;
++
++ sftpfs_super->known_hosts_file =
++ mc_build_filename (mc_config_get_home_dir (), ".ssh", "known_hosts", (char *) NULL);
++ rc = libssh2_knownhost_readfile (sftpfs_super->known_hosts, sftpfs_super->known_hosts_file,
++ LIBSSH2_KNOWNHOST_FILE_OPENSSH);
++ if (rc > 0)
++ {
++ const char *kh_name_end = NULL;
++
++ while (!found && libssh2_knownhost_get (sftpfs_super->known_hosts, &store, store) == 0)
++ {
++ /* For non-standard ports, the name will be enclosed in
++ * square brackets, followed by a colon and the port */
++ if (store == NULL)
++ continue;
++
++ if (store->name == NULL)
++ found = TRUE;
++ else if (store->name[0] != '[')
++ found = strcmp (store->name, super->path_element->host) == 0;
++ else
++ {
++ int port;
++
++ kh_name_end = strstr (store->name, "]:");
++ if (kh_name_end == NULL)
++ /* Invalid host pattern */
++ continue;
++
++ port = (int) g_ascii_strtoll (kh_name_end + 2, NULL, 10);
++ if (port == super->path_element->port)
++ {
++ size_t kh_name_size;
++
++ kh_name_size = strlen (store->name) - 1 - strlen (kh_name_end);
++ found = strncmp (store->name + 1, super->path_element->host, kh_name_size) == 0;
++ }
++ }
++ }
++ }
++
++ if (found)
++ {
++ int mask;
++ const char *hostkey_method = NULL;
++
++ mask = store->typemask & LIBSSH2_KNOWNHOST_KEY_MASK;
++
++ switch (mask)
++ {
++#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519
++ case LIBSSH2_KNOWNHOST_KEY_ED25519:
++ hostkey_method = hostkey_method_ssh_ed25519;
++ break;
++#endif
++#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_521
++ case LIBSSH2_KNOWNHOST_KEY_ECDSA_521:
++ hostkey_method = hostkey_method_ssh_ecdsa_521;
++ break;
++#endif
++#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_384
++ case LIBSSH2_KNOWNHOST_KEY_ECDSA_384:
++ hostkey_method = hostkey_method_ssh_ecdsa_384;
++ break;
++#endif
++#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256
++ case LIBSSH2_KNOWNHOST_KEY_ECDSA_256:
++ hostkey_method = hostkey_method_ssh_ecdsa_256;
++ break;
++#endif
++ case LIBSSH2_KNOWNHOST_KEY_SSHRSA:
++ hostkey_method = hostkey_method_ssh_rsa;
++ break;
++ case LIBSSH2_KNOWNHOST_KEY_SSHDSS:
++ hostkey_method = hostkey_method_ssh_dss;
++ break;
++ case LIBSSH2_KNOWNHOST_KEY_RSA1:
++ mc_propagate_error (mcerror, 0, "%s",
++ _("sftp: found host key of unsupported type: RSA1"));
++ return FALSE;
++ default:
++ mc_propagate_error (mcerror, 0, "%s %d", _("sftp: unknown host key type:"), mask);
++ return FALSE;
++ }
++
++ rc = libssh2_session_method_pref (sftpfs_super->session, LIBSSH2_METHOD_HOSTKEY,
++ hostkey_method);
++ if (rc < 0)
++ goto err;
++ }
++
++ return TRUE;
++
++ err:
++ {
++ int sftp_errno;
++
++ sftp_errno = libssh2_session_last_errno (sftpfs_super->session);
++ sftpfs_ssherror_to_gliberror (sftpfs_super, sftp_errno, mcerror);
++ }
++ return FALSE;
++}
++
++/* --------------------------------------------------------------------------------------------- */
++
++/**
++ * Write new host + key pair to the ~/.ssh/known_hosts file.
++ *
++ * @param super connection data
++ * @param remote_key he key for the remote host
++ * @param remote_key_len length of @remote_key
++ * @param type_mask info about format of host name, key and key type
++ * @return 0 on success, regular libssh2 error code otherwise
++ *
++ * Thanks the Curl project for the code used in this function.
++ */
++static int
++sftpfs_update_known_hosts (struct vfs_s_super *super, const char *remote_key, size_t remote_key_len,
++ int type_mask)
++{
++ sftpfs_super_t *sftpfs_super = SFTP_SUPER (super);
++ int rc;
++
++ /* add this host + key pair */
++ rc = libssh2_knownhost_addc (sftpfs_super->known_hosts, super->path_element->host, NULL,
++ remote_key, remote_key_len, NULL, 0, type_mask, NULL);
++ if (rc < 0)
++ return rc;
++
++ /* write the entire in-memory list of known hosts to the known_hosts file */
++ rc = libssh2_knownhost_writefile (sftpfs_super->known_hosts, sftpfs_super->known_hosts_file,
++ LIBSSH2_KNOWNHOST_FILE_OPENSSH);
++
++ if (rc < 0)
++ return rc;
++
++ (void) message (D_NORMAL, _("Information"),
++ _("Permanently added\n%s (%s)\nto the list of known hosts."),
++ super->path_element->host, sftpfs_super->ip_address);
++
++ return 0;
++}
++
++/* --------------------------------------------------------------------------------------------- */
++/**
++ * Compute and return readable host key fingerprint hash.
++ *
++ * @param session libssh2 session handle
++ * @return pointer to static buffer on success, NULL otherwise
++ */
++static const char *
++sftpfs_compute_fingerprint_hash (LIBSSH2_SESSION * session)
++{
++ static char result[SHA1_DIGEST_LENGTH * 3 + 1]; /* "XX:" for each byte, and EOL */
++ const char *fingerprint;
++ size_t i;
++
++ /* The fingerprint points to static storage (!), don't free() it. */
++ fingerprint = libssh2_hostkey_hash (session, LIBSSH2_HOSTKEY_HASH_SHA1);
++ if (fingerprint == NULL)
++ return NULL;
++
++ for (i = 0; i < SHA1_DIGEST_LENGTH && i * 3 < sizeof (result) - 1; i++)
++ g_snprintf ((gchar *) (result + i * 3), 4, "%02x:", (guint8) fingerprint[i]);
++
++ /* remove last ":" */
++ result[i * 3 - 1] = '\0';
++
++ return result;
++}
++
++/* --------------------------------------------------------------------------------------------- */
++
+ /**
+- * Recognize authenticaion types supported by remote side and filling internal 'super' structure by
++ * Process host info found in ~/.ssh/known_hosts file.
++ *
++ * @param super connection data
++ * @param mcerror pointer to the error handler
++ * @return TRUE on success, FALSE otherwise
++ *
++ * Thanks the Curl project for the code used in this function.
++ */
++static gboolean
++sftpfs_process_known_host (struct vfs_s_super *super, GError ** mcerror)
++{
++ sftpfs_super_t *sftpfs_super = SFTP_SUPER (super);
++ const char *remote_key;
++ const char *key_type;
++ const char *fingerprint_hash;
++ size_t remote_key_len = 0;
++ int remote_key_type = LIBSSH2_HOSTKEY_TYPE_UNKNOWN;
++ int keybit = 0;
++ struct libssh2_knownhost *host = NULL;
++ int rc;
++ char *msg = NULL;
++ gboolean handle_query = FALSE;
++
++ remote_key = libssh2_session_hostkey (sftpfs_super->session, &remote_key_len, &remote_key_type);
++ if (remote_key == NULL || remote_key_len == 0
++ || remote_key_type == LIBSSH2_HOSTKEY_TYPE_UNKNOWN)
++ {
++ mc_propagate_error (mcerror, 0, "%s", _("sftp: cannot get the remote host key"));
++ return FALSE;
++ }
++
++ switch (remote_key_type)
++ {
++ case LIBSSH2_HOSTKEY_TYPE_RSA:
++ keybit = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
++ key_type = "RSA";
++ break;
++ case LIBSSH2_HOSTKEY_TYPE_DSS:
++ keybit = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
++ key_type = "DSS";
++ break;
++#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
++ case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
++ keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
++ key_type = "ECDSA";
++ break;
++#endif
++#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_384
++ case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
++ keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
++ key_type = "ECDSA";
++ break;
++#endif
++#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_521
++ case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
++ keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
++ key_type = "ECDSA";
++ break;
++#endif
++#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
++ case LIBSSH2_HOSTKEY_TYPE_ED25519:
++ keybit = LIBSSH2_KNOWNHOST_KEY_ED25519;
++ key_type = "ED25519";
++ break;
++#endif
++ default:
++ mc_propagate_error (mcerror, 0, "%s",
++ _("sftp: unsupported key type, can't check remote host key"));
++ return FALSE;
++ }
++
++ fingerprint_hash = sftpfs_compute_fingerprint_hash (sftpfs_super->session);
++ if (fingerprint_hash == NULL)
++ {
++ mc_propagate_error (mcerror, 0, "%s", _("sftp: can't compute host key fingerprint hash"));
++ return FALSE;
++ }
++
++ rc = libssh2_knownhost_checkp (sftpfs_super->known_hosts, super->path_element->host,
++ super->path_element->port, remote_key, remote_key_len,
++ LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW |
++ keybit, &host);
++
++ switch (rc)
++ {
++ default:
++ case LIBSSH2_KNOWNHOST_CHECK_FAILURE:
++ /* something prevented the check to be made */
++ goto err;
++
++ case LIBSSH2_KNOWNHOST_CHECK_MATCH:
++ /* host + key pair matched -- OK */
++ break;
++
++ case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND:
++ /* no host match was found -- add it to the known_hosts file */
++ msg = g_strdup_printf (_("The authenticity of host\n%s (%s)\ncan't be established!\n"
++ "%s key fingerprint hash is\nSHA1:%s.\n"
++ "Do you want to add it to the list of known hosts and continue connecting?"),
++ super->path_element->host, sftpfs_super->ip_address,
++ key_type, fingerprint_hash);
++ /* Select "No" initially */
++ query_set_sel (2);
++ rc = query_dialog (_("Warning"), msg, D_NORMAL, 3, _("&Yes"), _("&Ignore"), _("&No"));
++ g_free (msg);
++ handle_query = TRUE;
++ break;
++
++ case LIBSSH2_KNOWNHOST_CHECK_MISMATCH:
++ msg = g_strdup_printf (_("%s (%s)\nis found in the list of known hosts but\n"
++ "KEYS DO NOT MATCH! THIS COULD BE A MITM ATTACK!\n"
++ "Are you sure you want to add it to the list of known hosts and continue connecting?"),
++ super->path_element->host, sftpfs_super->ip_address);
++ /* Select "No" initially */
++ query_set_sel (2);
++ rc = query_dialog (MSG_ERROR, msg, D_ERROR, 3, _("&Yes"), _("&Ignore"), _("&No"));
++ g_free (msg);
++ handle_query = TRUE;
++ break;
++ }
++
++ if (handle_query)
++ switch (rc)
++ {
++ case 0:
++ /* Yes: add this host + key pair, continue connecting */
++ if (sftpfs_update_known_hosts (super, remote_key, remote_key_len,
++ LIBSSH2_KNOWNHOST_TYPE_PLAIN
++ | LIBSSH2_KNOWNHOST_KEYENC_RAW | keybit) < 0)
++ goto err;
++ break;
++ case 1:
++ /* Ignore: do not add this host + key pair, continue connecting anyway */
++ break;
++ case 2:
++ default:
++ mc_propagate_error (mcerror, 0, "%s", _("sftp: host key verification failed"));
++ /* No: abort connection */
++ goto err;
++ }
++
++ return TRUE;
++
++ err:
++ {
++ int sftp_errno;
++
++ sftp_errno = libssh2_session_last_errno (sftpfs_super->session);
++ sftpfs_ssherror_to_gliberror (sftpfs_super, sftp_errno, mcerror);
++ }
++
++ return FALSE;
++}
++
++/* --------------------------------------------------------------------------------------------- */
++/**
++ * Recognize authentication types supported by remote side and filling internal 'super' structure by
+ * proper enum's values.
+ *
+ * @param super connection data
+@@ -461,6 +867,9 @@ sftpfs_open_connection (struct vfs_s_super *super, GError ** mcerror)
+ if (sftpfs_super->session == NULL)
+ return (-1);
+
++ if (!sftpfs_read_known_hosts (super, mcerror))
++ return (-1);
++
+ /* ... start it up. This will trade welcome banners, exchange keys,
+ * and setup crypto, compression, and MAC layers
+ */
+@@ -475,13 +884,8 @@ sftpfs_open_connection (struct vfs_s_super *super, GError ** mcerror)
+ return (-1);
+ }
+
+- /* At this point we havn't yet authenticated. The first thing to do
+- * is check the hostkey's fingerprint against our known hosts Your app
+- * may have it hard coded, may go to a file, may present it to the
+- * user, that's your call
+- */
+- sftpfs_super->fingerprint =
+- libssh2_hostkey_hash (sftpfs_super->session, LIBSSH2_HOSTKEY_HASH_SHA1);
++ if (!sftpfs_process_known_host (super, mcerror))
++ return (-1);
+
+ if (!sftpfs_recognize_auth_types (super))
+ {
+@@ -538,7 +942,13 @@ sftpfs_close_connection (struct vfs_s_super *super, const char *shutdown_message
+ sftpfs_super->agent = NULL;
+ }
+
+- sftpfs_super->fingerprint = NULL;
++ if (sftpfs_super->known_hosts != NULL)
++ {
++ libssh2_knownhost_free (sftpfs_super->known_hosts);
++ sftpfs_super->known_hosts = NULL;
++ }
++
++ MC_PTR_FREE (sftpfs_super->known_hosts_file);
+
+ if (sftpfs_super->session != NULL)
+ {
+diff --git a/src/vfs/sftpfs/internal.h b/src/vfs/sftpfs/internal.h
+index 5616fb8990..643ce5e3cc 100644
+--- a/src/vfs/sftpfs/internal.h
++++ b/src/vfs/sftpfs/internal.h
+@@ -42,6 +42,9 @@ typedef struct
+ sftpfs_auth_type_t auth_type;
+ sftpfs_auth_type_t config_auth_type;
+
++ LIBSSH2_KNOWNHOSTS *known_hosts;
++ char *known_hosts_file;
++
+ LIBSSH2_SESSION *session;
+ LIBSSH2_SFTP *sftp_session;
+
+@@ -51,7 +54,7 @@ typedef struct
+ char *privkey;
+
+ int socket_handle;
+- const char *fingerprint;
++ const char *ip_address;
+ vfs_path_element_t *original_connection_info;
+ } sftpfs_super_t;
+
diff --git a/meta/recipes-extended/mc/mc_4.8.26.bb b/meta/recipes-extended/mc/mc_4.8.26.bb
index 5c5e6790d8..6bc7e6e8e1 100644
--- a/meta/recipes-extended/mc/mc_4.8.26.bb
+++ b/meta/recipes-extended/mc/mc_4.8.26.bb
@@ -11,6 +11,7 @@ RRECOMMENDS_${PN} = "ncurses-terminfo"
SRC_URI = "http://www.midnight-commander.org/downloads/${BPN}-${PV}.tar.bz2 \
file://0001-mc-replace-perl-w-with-use-warnings.patch \
file://nomandate.patch \
+ file://CVE-2021-36370.patch \
"
SRC_URI[sha256sum] = "9d6358d0a351a455a1410aab57f33b6b48b0fcf31344b9a10b0ff497595979d1"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 06/17] squashfs-tools: fix CVE-2021-40153
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (4 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 05/17] mc: fix CVE-2021-36370 Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 07/17] ffmpeg: fix CVE-2021-38291 Anuj Mittal
` (10 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Kai Kang <kai.kang@windriver.com>
Backport patch to fix CVE-2021-40153, and remove version update in
unsquashfs.c for compatible.
CVE: CVE-2021-40153
Ref:
* https://security-tracker.debian.org/tracker/CVE-2021-40153
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../squashfs-tools/files/CVE-2021-40153.patch | 253 ++++++++++++++++++
.../squashfs-tools/squashfs-tools_git.bb | 1 +
2 files changed, 254 insertions(+)
create mode 100644 meta/recipes-devtools/squashfs-tools/files/CVE-2021-40153.patch
diff --git a/meta/recipes-devtools/squashfs-tools/files/CVE-2021-40153.patch b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-40153.patch
new file mode 100644
index 0000000000..95e2534ee4
--- /dev/null
+++ b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-40153.patch
@@ -0,0 +1,253 @@
+Backport patch to fix CVE-2021-40153, and remove version update in unsquashfs.c
+for compatible.
+
+Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/79b5a55]
+CVE: CVE-2021-40153
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 79b5a555058eef4e1e7ff220c344d39f8cd09646 Mon Sep 17 00:00:00 2001
+From: Phillip Lougher <phillip@squashfs.org.uk>
+Date: Sat, 16 Jan 2021 20:08:55 +0000
+Subject: [PATCH] Unsquashfs: fix write outside destination directory exploit
+
+An issue on Github (https://github.com/plougher/squashfs-tools/issues/72)
+shows how some specially crafted Squashfs filesystems containing
+invalid file names (with '/' and ..) can cause Unsquashfs to write
+files outside of the destination directory.
+
+This commit fixes this exploit by checking all names for
+validity.
+
+In doing so I have also added checks for '.' and for names that
+are shorter than they should be (names in the file system should
+not have '\0' terminators).
+
+Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
+---
+ squashfs-tools/Makefile | 5 ++-
+ squashfs-tools/unsquash-1.c | 9 +++++-
+ squashfs-tools/unsquash-1234.c | 58 ++++++++++++++++++++++++++++++++++
+ squashfs-tools/unsquash-2.c | 9 +++++-
+ squashfs-tools/unsquash-3.c | 9 +++++-
+ squashfs-tools/unsquash-4.c | 9 +++++-
+ squashfs-tools/unsquashfs.h | 5 ++-
+ 7 files changed, 98 insertions(+), 6 deletions(-)
+ create mode 100644 squashfs-tools/unsquash-1234.c
+
+diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile
+index aee4b960..20feaca2 100644
+--- a/squashfs-tools/Makefile
++++ b/squashfs-tools/Makefile
+@@ -156,7 +156,8 @@ MKSQUASHFS_OBJS = mksquashfs.o read_fs.o action.o swap.o pseudo.o compressor.o \
+ caches-queues-lists.o
+
+ UNSQUASHFS_OBJS = unsquashfs.o unsquash-1.o unsquash-2.o unsquash-3.o \
+- unsquash-4.o unsquash-123.o unsquash-34.o swap.o compressor.o unsquashfs_info.o
++ unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o swap.o \
++ compressor.o unsquashfs_info.o
+
+ CFLAGS ?= -O2
+ CFLAGS += $(EXTRA_CFLAGS) $(INCLUDEDIR) -D_FILE_OFFSET_BITS=64 \
+@@ -350,6 +351,8 @@ unsquash-123.o: unsquashfs.h unsquash-123.c squashfs_fs.h squashfs_compat.h
+
+ unsquash-34.o: unsquashfs.h unsquash-34.c
+
++unsquash-1234.o: unsquash-1234.c
++
+ unsquashfs_xattr.o: unsquashfs_xattr.c unsquashfs.h squashfs_fs.h xattr.h
+
+ unsquashfs_info.o: unsquashfs.h squashfs_fs.h
+diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
+index 34eced36..28326cb1 100644
+--- a/squashfs-tools/unsquash-1.c
++++ b/squashfs-tools/unsquash-1.c
+@@ -2,7 +2,7 @@
+ * Unsquash a squashfs filesystem. This is a highly compressed read only
+ * filesystem.
+ *
+- * Copyright (c) 2009, 2010, 2011, 2012, 2019
++ * Copyright (c) 2009, 2010, 2011, 2012, 2019, 2021
+ * Phillip Lougher <phillip@squashfs.org.uk>
+ *
+ * This program is free software; you can redistribute it and/or
+@@ -285,6 +285,13 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ memcpy(dire->name, directory_table + bytes,
+ dire->size + 1);
+ dire->name[dire->size + 1] = '\0';
++
++ /* check name for invalid characters (i.e /, ., ..) */
++ if(check_name(dire->name, dire->size + 1) == FALSE) {
++ ERROR("File system corrupted: invalid characters in name\n");
++ goto corrupted;
++ }
++
+ TRACE("squashfs_opendir: directory entry %s, inode "
+ "%d:%d, type %d\n", dire->name,
+ dirh.start_block, dire->offset, dire->type);
+diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
+new file mode 100644
+index 00000000..c2d4f42b
+--- /dev/null
++++ b/squashfs-tools/unsquash-1234.c
+@@ -0,0 +1,58 @@
++/*
++ * Unsquash a squashfs filesystem. This is a highly compressed read only
++ * filesystem.
++ *
++ * Copyright (c) 2021
++ * Phillip Lougher <phillip@squashfs.org.uk>
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2,
++ * or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++ *
++ * unsquash-1234.c
++ *
++ * Helper functions used by unsquash-1, unsquash-2, unsquash-3 and
++ * unsquash-4.
++ */
++
++#define TRUE 1
++#define FALSE 0
++/*
++ * Check name for validity, name should not
++ * - be ".", "./", or
++ * - be "..", "../" or
++ * - have a "/" anywhere in the name, or
++ * - be shorter than the expected size
++ */
++int check_name(char *name, int size)
++{
++ char *start = name;
++
++ if(name[0] == '.') {
++ if(name[1] == '.')
++ name++;
++ if(name[1] == '/' || name[1] == '\0')
++ return FALSE;
++ }
++
++ while(name[0] != '/' && name[0] != '\0')
++ name ++;
++
++ if(name[0] == '/')
++ return FALSE;
++
++ if((name - start) != size)
++ return FALSE;
++
++ return TRUE;
++}
+diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
+index 4b3d767e..474064e1 100644
+--- a/squashfs-tools/unsquash-2.c
++++ b/squashfs-tools/unsquash-2.c
+@@ -2,7 +2,7 @@
+ * Unsquash a squashfs filesystem. This is a highly compressed read only
+ * filesystem.
+ *
+- * Copyright (c) 2009, 2010, 2013, 2019
++ * Copyright (c) 2009, 2010, 2013, 2019, 2021
+ * Phillip Lougher <phillip@squashfs.org.uk>
+ *
+ * This program is free software; you can redistribute it and/or
+@@ -386,6 +386,13 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ memcpy(dire->name, directory_table + bytes,
+ dire->size + 1);
+ dire->name[dire->size + 1] = '\0';
++
++ /* check name for invalid characters (i.e /, ., ..) */
++ if(check_name(dire->name, dire->size + 1) == FALSE) {
++ ERROR("File system corrupted: invalid characters in name\n");
++ goto corrupted;
++ }
++
+ TRACE("squashfs_opendir: directory entry %s, inode "
+ "%d:%d, type %d\n", dire->name,
+ dirh.start_block, dire->offset, dire->type);
+diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
+index 02c31fc5..65cfe4d9 100644
+--- a/squashfs-tools/unsquash-3.c
++++ b/squashfs-tools/unsquash-3.c
+@@ -2,7 +2,7 @@
+ * Unsquash a squashfs filesystem. This is a highly compressed read only
+ * filesystem.
+ *
+- * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2019
++ * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2019, 2021
+ * Phillip Lougher <phillip@squashfs.org.uk>
+ *
+ * This program is free software; you can redistribute it and/or
+@@ -413,6 +413,13 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ memcpy(dire->name, directory_table + bytes,
+ dire->size + 1);
+ dire->name[dire->size + 1] = '\0';
++
++ /* check name for invalid characters (i.e /, ., ..) */
++ if(check_name(dire->name, dire->size + 1) == FALSE) {
++ ERROR("File system corrupted: invalid characters in name\n");
++ goto corrupted;
++ }
++
+ TRACE("squashfs_opendir: directory entry %s, inode "
+ "%d:%d, type %d\n", dire->name,
+ dirh.start_block, dire->offset, dire->type);
+diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
+index 8475835c..aa23a841 100644
+--- a/squashfs-tools/unsquash-4.c
++++ b/squashfs-tools/unsquash-4.c
+@@ -2,7 +2,7 @@
+ * Unsquash a squashfs filesystem. This is a highly compressed read only
+ * filesystem.
+ *
+- * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2019
++ * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2019, 2021
+ * Phillip Lougher <phillip@squashfs.org.uk>
+ *
+ * This program is free software; you can redistribute it and/or
+@@ -349,6 +349,13 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ memcpy(dire->name, directory_table + bytes,
+ dire->size + 1);
+ dire->name[dire->size + 1] = '\0';
++
++ /* check name for invalid characters (i.e /, ., ..) */
++ if(check_name(dire->name, dire->size + 1) == FALSE) {
++ ERROR("File system corrupted: invalid characters in name\n");
++ goto corrupted;
++ }
++
+ TRACE("squashfs_opendir: directory entry %s, inode "
+ "%d:%d, type %d\n", dire->name,
+ dirh.start_block, dire->offset, dire->type);
+diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
+index 934618b2..db1da7a0 100644
+--- a/squashfs-tools/unsquashfs.h
++++ b/squashfs-tools/unsquashfs.h
+@@ -4,7 +4,7 @@
+ * Unsquash a squashfs filesystem. This is a highly compressed read only
+ * filesystem.
+ *
+- * Copyright (c) 2009, 2010, 2013, 2014, 2019
++ * Copyright (c) 2009, 2010, 2013, 2014, 2019, 2021
+ * Phillip Lougher <phillip@squashfs.org.uk>
+ *
+ * This program is free software; you can redistribute it and/or
+@@ -261,4 +261,7 @@ extern int read_ids(int, long long, long long, unsigned int **);
+
+ /* unsquash-34.c */
+ extern long long *alloc_index_table(int);
++
++/* unsquash-1234.c */
++extern int check_name(char *, int);
+ #endif
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb b/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
index 2b1409d78d..083e597b03 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
@@ -11,6 +11,7 @@ PV = "4.4"
SRCREV = "52eb4c279cd283ed9802dd1ceb686560b22ffb67"
SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https \
file://0001-squashfs-tools-fix-build-failure-against-gcc-10.patch;striplevel=2 \
+ file://CVE-2021-40153.patch;striplevel=2 \
"
S = "${WORKDIR}/git/squashfs-tools"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 07/17] ffmpeg: fix CVE-2021-38291
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (5 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 06/17] squashfs-tools: fix CVE-2021-40153 Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 08/17] bluez5: fix CVE-2021-0129 Anuj Mittal
` (9 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Kiran Surendran <ksurendr@ala-lpggp3.wrs.com>
backport from upstream
Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38291.patch | 54 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 +
2 files changed, 55 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch
new file mode 100644
index 0000000000..ef1c760286
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch
@@ -0,0 +1,54 @@
+CVE: CVE-2021-38291
+Upstream-Status: Backport
+Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com>
+
+From e908bdb157fa493be2b50e2a11055d19c5254a15 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Wed, 21 Jul 2021 01:02:44 -0300
+Subject: [PATCH] avcodec/utils: don't return negative values in
+ av_get_audio_frame_duration()
+
+In some extrme cases, like with adpcm_ms samples with an extremely high channel
+count, get_audio_frame_duration() may return a negative frame duration value.
+Don't propagate it, and instead return 0, signaling that a duration could not
+be determined.
+
+Fixes ticket #9312
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavcodec/utils.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/utils.c b/libavcodec/utils.c
+index 81e34254e8..5fdb10fe09 100644
+--- a/libavcodec/utils.c
++++ b/libavcodec/utils.c
+@@ -1776,20 +1776,22 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
+
+ int av_get_audio_frame_duration(AVCodecContext *avctx, int frame_bytes)
+ {
+- return get_audio_frame_duration(avctx->codec_id, avctx->sample_rate,
++ int duration = get_audio_frame_duration(avctx->codec_id, avctx->sample_rate,
+ avctx->channels, avctx->block_align,
+ avctx->codec_tag, avctx->bits_per_coded_sample,
+ avctx->bit_rate, avctx->extradata, avctx->frame_size,
+ frame_bytes);
++ return FFMAX(0, duration);
+ }
+
+ int av_get_audio_frame_duration2(AVCodecParameters *par, int frame_bytes)
+ {
+- return get_audio_frame_duration(par->codec_id, par->sample_rate,
++ int duration = get_audio_frame_duration(par->codec_id, par->sample_rate,
+ par->channels, par->block_align,
+ par->codec_tag, par->bits_per_coded_sample,
+ par->bit_rate, par->extradata, par->frame_size,
+ frame_bytes);
++ return FFMAX(0, duration);
+ }
+
+ #if !HAVE_THREADS
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index 0a49493abd..3e7ceb859f 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -31,6 +31,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-22015.patch \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
+ file://fix-CVE-2021-38291.patch \
"
SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 08/17] bluez5: fix CVE-2021-0129
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (6 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 07/17] ffmpeg: fix CVE-2021-38291 Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 09/17] tcl: Exclude CVE-2021-35331 from checks Anuj Mittal
` (8 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Trevor Gamblin <trevor.gamblin@windriver.com>
Backport a fix from version 5.57 rather than doing an uprev, since there
appear to be some minor functional changes between our current version
and that version, despite the changelog only listing fixes.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-connectivity/bluez5/bluez5.inc | 1 +
...er-Fix-not-properly-checking-for-sec.patch | 113 ++++++++++++++++++
2 files changed, 114 insertions(+)
create mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 0d30b1a3f5..22e0f33610 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -53,6 +53,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0001-test-gatt-Fix-hung-issue.patch \
file://0001-adapter-Fix-storing-discoverable-setting.patch \
+ file://0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch \
"
S = "${WORKDIR}/bluez-${PV}"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
new file mode 100644
index 0000000000..422fd211ca
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
@@ -0,0 +1,113 @@
+From 00da0fb4972cf59e1c075f313da81ea549cb8738 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Tue, 2 Mar 2021 11:38:33 -0800
+Subject: [PATCH] shared/gatt-server: Fix not properly checking for secure
+ flags
+
+When passing the mask to check_permissions all valid permissions for
+the operation must be set including BT_ATT_PERM_SECURE flags.
+
+Upstream-Status: Backport
+(https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738)
+
+CVE: CVE-2021-0129
+
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+---
+ src/shared/att-types.h | 8 ++++++++
+ src/shared/gatt-server.c | 25 +++++++------------------
+ 2 files changed, 15 insertions(+), 18 deletions(-)
+
+diff --git a/src/shared/att-types.h b/src/shared/att-types.h
+index 7108b4e94..3adc05d9e 100644
+--- a/src/shared/att-types.h
++++ b/src/shared/att-types.h
+@@ -129,6 +129,14 @@ struct bt_att_pdu_error_rsp {
+ #define BT_ATT_PERM_WRITE_SECURE 0x0200
+ #define BT_ATT_PERM_SECURE (BT_ATT_PERM_READ_SECURE | \
+ BT_ATT_PERM_WRITE_SECURE)
++#define BT_ATT_PERM_READ_MASK (BT_ATT_PERM_READ | \
++ BT_ATT_PERM_READ_AUTHEN | \
++ BT_ATT_PERM_READ_ENCRYPT | \
++ BT_ATT_PERM_READ_SECURE)
++#define BT_ATT_PERM_WRITE_MASK (BT_ATT_PERM_WRITE | \
++ BT_ATT_PERM_WRITE_AUTHEN | \
++ BT_ATT_PERM_WRITE_ENCRYPT | \
++ BT_ATT_PERM_WRITE_SECURE)
+
+ /* GATT Characteristic Properties Bitfield values */
+ #define BT_GATT_CHRC_PROP_BROADCAST 0x01
+diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
+index b5f7de7dc..970c35f94 100644
+--- a/src/shared/gatt-server.c
++++ b/src/shared/gatt-server.c
+@@ -444,9 +444,7 @@ static void process_read_by_type(struct async_read_op *op)
+ return;
+ }
+
+- ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
+- BT_ATT_PERM_READ_AUTHEN |
+- BT_ATT_PERM_READ_ENCRYPT);
++ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
+ if (ecode)
+ goto error;
+
+@@ -811,9 +809,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
+ (opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
+ handle);
+
+- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
+- BT_ATT_PERM_WRITE_AUTHEN |
+- BT_ATT_PERM_WRITE_ENCRYPT);
++ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
+ if (ecode)
+ goto error;
+
+@@ -913,9 +909,7 @@ static void handle_read_req(struct bt_att_chan *chan,
+ opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "",
+ handle);
+
+- ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
+- BT_ATT_PERM_READ_AUTHEN |
+- BT_ATT_PERM_READ_ENCRYPT);
++ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
+ if (ecode)
+ goto error;
+
+@@ -1051,9 +1045,8 @@ static void read_multiple_complete_cb(struct gatt_db_attribute *attr, int err,
+ goto error;
+ }
+
+- ecode = check_permissions(data->server, next_attr, BT_ATT_PERM_READ |
+- BT_ATT_PERM_READ_AUTHEN |
+- BT_ATT_PERM_READ_ENCRYPT);
++ ecode = check_permissions(data->server, next_attr,
++ BT_ATT_PERM_READ_MASK);
+ if (ecode)
+ goto error;
+
+@@ -1129,9 +1122,7 @@ static void read_multiple_cb(struct bt_att_chan *chan, uint8_t opcode,
+ goto error;
+ }
+
+- ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ |
+- BT_ATT_PERM_READ_AUTHEN |
+- BT_ATT_PERM_READ_ENCRYPT);
++ ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ_MASK);
+ if (ecode)
+ goto error;
+
+@@ -1308,9 +1299,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
+ util_debug(server->debug_callback, server->debug_data,
+ "Prep Write Req - handle: 0x%04x", handle);
+
+- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
+- BT_ATT_PERM_WRITE_AUTHEN |
+- BT_ATT_PERM_WRITE_ENCRYPT);
++ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
+ if (ecode)
+ goto error;
+
+--
+2.31.1
+
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 09/17] tcl: Exclude CVE-2021-35331 from checks
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (7 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 08/17] bluez5: fix CVE-2021-0129 Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 10/17] flex: Add CVE-2019-6293 to exclusions for checks Anuj Mittal
` (7 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream don't believe this is an issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit adf7bafee3f8884e525b5639ba092a1cd8e3beb9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-devtools/tcltk/tcl_8.6.11.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
index efb36b32dd..a993d7c959 100644
--- a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
+++ b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
@@ -30,6 +30,9 @@ SRC_URI[sha256sum] = "8c0486668586672c5693d7d95817cb05a18c5ecca2f40e2836b9578064
SRC_URI_class-native = "${BASE_SRC_URI}"
S = "${WORKDIR}/${BPN}${PV}/unix"
+# Upstream don't believe this is an exploitable issue
+# https://core.tcl-lang.org/tcl/info/7079e4f91601e9c7
+CVE_CHECK_WHITELIST += "CVE-2021-35331"
PSEUDO_IGNORE_PATHS .= ",${WORKDIR}/${BPN}${PV}"
VER = "${PV}"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 10/17] flex: Add CVE-2019-6293 to exclusions for checks
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (8 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 09/17] tcl: Exclude CVE-2021-35331 from checks Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 11/17] go: Exclude CVE-2021-29923 from report list Anuj Mittal
` (6 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE is effectively disputed - yes there is stack exhaustion but no bug and it
is building the parser, not running it, effectively similar to a compiler ICE.
Upstream no plans to address and there is no security issue.
https://github.com/westes/flex/issues/414
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0cae5d7a24bedf6784781b62cbb3795a44bab4d1)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-devtools/flex/flex_2.6.4.bb | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meta/recipes-devtools/flex/flex_2.6.4.bb b/meta/recipes-devtools/flex/flex_2.6.4.bb
index 54e7e01729..a85c3afc07 100644
--- a/meta/recipes-devtools/flex/flex_2.6.4.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.4.bb
@@ -28,6 +28,11 @@ SRC_URI[sha256sum] = "e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c4
UPSTREAM_CHECK_URI = "https://github.com/westes/flex/releases"
UPSTREAM_CHECK_REGEX = "flex-(?P<pver>\d+(\.\d+)+)\.tar"
+# Disputed - yes there is stack exhaustion but no bug and it is building the
+# parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address
+# https://github.com/westes/flex/issues/414
+CVE_CHECK_WHITELIST += "CVE-2019-6293"
+
inherit autotools gettext texinfo ptest
M4 = "${bindir}/m4"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 11/17] go: Exclude CVE-2021-29923 from report list
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (9 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 10/17] flex: Add CVE-2019-6293 to exclusions for checks Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 12/17] linux-yocto/5.10: update to v5.10.61 Anuj Mittal
` (5 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream don't believe it is a signifiant real world issue and will only
fix in 1.17 onwards. Therefore exclude it from our reports.
https://github.com/golang/go/issues/30999#issuecomment-910470358
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5bd5faf0c34b47b2443975d66b71482d2380a01a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-devtools/go/go-1.16.7.inc | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meta/recipes-devtools/go/go-1.16.7.inc b/meta/recipes-devtools/go/go-1.16.7.inc
index ed2d94671b..9eca1caeeb 100644
--- a/meta/recipes-devtools/go/go-1.16.7.inc
+++ b/meta/recipes-devtools/go/go-1.16.7.inc
@@ -19,3 +19,8 @@ SRC_URI += "\
file://0001-encoding-xml-handle-leading-trailing-or-double-colon.patch \
"
SRC_URI[main.sha256sum] = "1a9f2894d3d878729f7045072f30becebe243524cf2fce4e0a7b248b1e0654ac"
+
+# Upstream don't believe it is a signifiant real world issue and will only
+# fix in 1.17 onwards where we can drop this.
+# https://github.com/golang/go/issues/30999#issuecomment-910470358
+CVE_CHECK_WHITELIST += "CVE-2021-29923"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 12/17] linux-yocto/5.10: update to v5.10.61
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (10 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 11/17] go: Exclude CVE-2021-29923 from report list Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 13/17] linux-yocto/5.10: update to v5.10.63 Anuj Mittal
` (4 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:
452ea6a15ed2 Linux 5.10.61
f15e64267393 io_uring: only assign io_uring_enter() SQPOLL error in actual error case
695ab28a7fa1 io_uring: fix xa_alloc_cycle() error return value check
0d5fcfc6406e fs: warn about impending deprecation of mandatory locks
8132fc2bf4b7 mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim
53e81668e119 ASoC: intel: atom: Fix breakage for PCM buffer address setup
88f65f57a0b9 ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8
b6672f67ec28 PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
a69326e134d4 s390/pci: fix use after free of zpci_dev
05b56e05543c ALSA: hda/via: Apply runtime PM workaround for ASUS B23E
67fece6289a9 btrfs: prevent rename2 from exchanging a subvol with a directory from different parents
16cfa72766b5 mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711
2566c1d8239d mmc: sdhci-iproc: Cap min clock frequency on BCM2711
110b7f72f6d0 ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop
258782b93701 ipack: tpci200: fix memory leak in the tpci200_register
3ee1b08097c1 ipack: tpci200: fix many double free issues in tpci200_pci_probe
0775bc462ae7 slimbus: ngd: reset dma setup during runtime pm
45d6fc21cd4d slimbus: messaging: check for valid transaction id
b700b523ddaf slimbus: messaging: start transaction ids from 1 instead of zero
bd0c2f83d072 tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name
f7c125493c78 ALSA: hda - fix the 'Capture Switch' value change notifications
7451c309c7a3 clk: qcom: gdsc: Ensure regulator init state matches GDSC state
7203b4986d9a clk: imx6q: fix uart earlycon unwork
3f8920c5706e mmc: sdhci-msm: Update the software timeout value for sdhc
8f499a90e7ee mmc: mmci: stm32: Check when the voltage switch procedure should be done
f8dac276a9b4 mmc: dw_mmc: Fix hang on data CRC error
645fd92c3ed4 Revert "flow_offload: action should not be NULL when it is referenced"
2f6c42806e10 iavf: Fix ping is lost after untrusted VF had tried to change MAC
7873c29832a3 i40e: Fix ATR queue selection
e003a8921949 r8152: fix writing USB_BP2_EN
21ca0b18ad64 iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry()
81578e587c08 iommu/vt-d: Consolidate duplicate cache invaliation code
eee84eafc3bb ovs: clear skb->tstamp in forwarding path
47a1161dacb1 net: mdio-mux: Handle -EPROBE_DEFER correctly
13af9c81e62f net: mdio-mux: Don't ignore memory allocation errors
df61235881c8 sch_cake: fix srchost/dsthost hashing mode
e1ec5858bae1 ixgbe, xsk: clean up the resources in ixgbe_xsk_pool_enable error path
3b7397b203cc net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
9bc2d1a5a890 virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO
b7adfde94930 virtio-net: support XDP when not more queues
1ce62fe6e4cb vrf: Reset skb conntrack connection on VRF rcv
8ae539a36194 bnxt_en: Add missing DMA memory barriers
9751aa443695 bnxt_en: Disable aRFS if running on 212 firmware
efd9b79b92a3 ptp_pch: Restore dependency on PCI
85e0518f181a net: 6pack: fix slab-out-of-bounds in decode_data
e0ae16836027 bnxt: count Tx drops
296fe765dd02 bnxt: make sure xmit_more + errors does not miss doorbells
d913d5cc3ba5 bnxt: disable napi before canceling DIM
5b24ae8f05ca bnxt: don't lock the tx queue from napi poll
585ff7344ec1 bpf: Clear zext_dst of dead insns
8dfdeeb1e98e drm/mediatek: Add AAL output size configuration
a8b8d61babb4 drm/mediatek: Fix aal size config
6715cefa72f6 soc / drm: mediatek: Move DDP component defines into mtk-mmsys.h
1b6fc6f739d4 vdpa/mlx5: Avoid destroying MR on empty iotlb
ecdd7c488062 vhost: Fix the calculation in vhost_overflow()
e0b603c89a93 bus: ti-sysc: Fix error handling for sysc_check_active_timer()
1af7ccbd920a vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update()
293180f59342 virtio: Protect vqs list access
9108120fbe31 dccp: add do-while-0 stubs for dccp_pr_debug macros
e352531ed020 cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
d2ab5491de91 iommu: Check if group is NULL before remove device
44f454a146c0 arm64: dts: qcom: msm8992-bullhead: Remove PSCI
95ed753d91bf arm64: dts: qcom: c630: fix correct powerdown pin for WSA881x
d7d04c67492e Bluetooth: hidp: use correct wait queue when removing ctrl_wait
2e6cc93e1b8c drm/amd/display: workaround for hard hang on HPD on native DP
dcc8c5fb8d85 drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X
8849a8c7058e net: usb: lan78xx: don't modify phy_device state concurrently
735e613fa587 net: usb: pegasus: Check the return value of get_geristers() and friends;
6b368411bc0f ARM: dts: nomadik: Fix up interrupt controller node names
410d1ea4ff3a qede: fix crash in rmmod qede while automatic debug collection
7525f2e4de00 drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir.
711459514e29 scsi: core: Fix capacity set to zero after offlinining device
8071dbe1bdd0 scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
4f78db7df6ed scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
cc312fa7e6ef scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
968ee9176a44 scsi: pm80xx: Fix TMF task completion race condition
b353028aed92 dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available
35f416223673 ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218
505884a0c7a1 net: xfrm: Fix end of loop tests for list_for_each_entry
f1c0533fae59 spi: spi-mux: Add module info needed for autoloading
b618a32142c7 dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
c160df90b0ca dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers
d4930271a409 USB: core: Fix incorrect pipe calculation in do_proc_control()
ba6c1b004ac5 USB: core: Avoid WARNings for 0-length descriptor requests
8e100c72b6de KVM: X86: Fix warning caused by stale emulation context
47d4c7999799 KVM: x86: Factor out x86 instruction emulation with decoding
ff2fc9e4aaa6 media: drivers/media/usb: fix memory leak in zr364xx_probe
56320b1ad4d0 media: zr364xx: fix memory leaks in probe()
b5c7ec6d15af media: zr364xx: propagate errors from zr364xx_start_readpipe()
779a0f4347a4 mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
e2036bc3fc7d ath9k: Postpone key cache entry deletion for TXQ frames reference it
609c0cfd07f0 ath: Modify ath_key_delete() to not need full key entry
2925a8385ec7 ath: Export ath_hw_keysetmac()
6566c207e576 ath9k: Clear key cache explicitly on disabling hardware
8f05076983dd ath: Use safer key clearing with key cache entries
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ce4eb69dc8ce06b3bb49fbddf27017f58ac20b0d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../linux/linux-yocto-rt_5.10.bb | 4 ++--
.../linux/linux-yocto-tiny_5.10.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 22 +++++++++----------
3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 57fe10ea2d..ec46d28db9 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "c8efa3efd890f35f8037a8c3533ba52e6de83fdf"
+SRCREV_machine ?= "6cd3b8cc48adcec0f91a2f95d12679a8ceb3d77d"
SRCREV_meta ?= "bce2813b162bb472c137fb503951295a931c25b6"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.10.60"
+LINUX_VERSION ?= "5.10.61"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 40f4533bde..a2d1a3454f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.10.60"
+LINUX_VERSION ?= "5.10.61"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,8 +15,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "ffaf70463da1502399f192470dae2d2fbdc7cfbc"
-SRCREV_machine ?= "f92b026dba8bd4e55a5cc88b6231f9118a6ac26b"
+SRCREV_machine_qemuarm ?= "b359e868f08a317762618a0c8240769ede6205ee"
+SRCREV_machine ?= "458347294271cddba33b7cfefabf83181eba3440"
SRCREV_meta ?= "bce2813b162bb472c137fb503951295a931c25b6"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index d308938f7e..e135c1d7a2 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,16 +13,16 @@ KBRANCH_qemux86 ?= "v5.10/standard/base"
KBRANCH_qemux86-64 ?= "v5.10/standard/base"
KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "1d02041bcc6eb8969d832e89b5c893d717b7ed04"
-SRCREV_machine_qemuarm64 ?= "2675ef4d9aefc588d16d085718866a33c62c10e6"
-SRCREV_machine_qemumips ?= "b503b2da9b2487453a9d9b0fa99654f00e1ad311"
-SRCREV_machine_qemuppc ?= "4ef9462af524cbbfcb719304a923e51f88cc3e68"
-SRCREV_machine_qemuriscv64 ?= "65ba2a0d8428c23b7b4375994d417157a35a251b"
-SRCREV_machine_qemuriscv32 ?= "65ba2a0d8428c23b7b4375994d417157a35a251b"
-SRCREV_machine_qemux86 ?= "65ba2a0d8428c23b7b4375994d417157a35a251b"
-SRCREV_machine_qemux86-64 ?= "65ba2a0d8428c23b7b4375994d417157a35a251b"
-SRCREV_machine_qemumips64 ?= "2d0707a62d33b1626329fde6ed9e906f5aba3022"
-SRCREV_machine ?= "65ba2a0d8428c23b7b4375994d417157a35a251b"
+SRCREV_machine_qemuarm ?= "c21afa1c405a581d0fbec7df31cf7e4d61ceabb9"
+SRCREV_machine_qemuarm64 ?= "749a8e1ffe820d07371d35850e31201d8583b08a"
+SRCREV_machine_qemumips ?= "8feace594d68ec0c4cde54be4b6ed312bef6def2"
+SRCREV_machine_qemuppc ?= "25cc0f5de71a992745898b9da9f109f30adacc18"
+SRCREV_machine_qemuriscv64 ?= "815f74d88d7be5ca75dc8b98479d4d8e2736dcd7"
+SRCREV_machine_qemuriscv32 ?= "815f74d88d7be5ca75dc8b98479d4d8e2736dcd7"
+SRCREV_machine_qemux86 ?= "815f74d88d7be5ca75dc8b98479d4d8e2736dcd7"
+SRCREV_machine_qemux86-64 ?= "815f74d88d7be5ca75dc8b98479d4d8e2736dcd7"
+SRCREV_machine_qemumips64 ?= "82f98a83c19c2a3e1d9b4b53a2117e84a37bb88d"
+SRCREV_machine ?= "815f74d88d7be5ca75dc8b98479d4d8e2736dcd7"
SRCREV_meta ?= "bce2813b162bb472c137fb503951295a931c25b6"
# remap qemuarm to qemuarma15 for the 5.8 kernel
@@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.60"
+LINUX_VERSION ?= "5.10.61"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 13/17] linux-yocto/5.10: update to v5.10.63
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (11 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 12/17] linux-yocto/5.10: update to v5.10.61 Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 14/17] systemtap: Fix headers issue with x86 and 5.13 headers Anuj Mittal
` (3 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:
e07f317d5a28 Linux 5.10.63
4405ea221dea media: stkwebcam: fix memory leak in stk_camera_probe
ad5e13f15db7 fuse: fix illegal access to inode with reused nodeid
40ba433a85db new helper: inode_wrong_type()
ded9137fcf0d spi: Switch to signed types for *_native_cs SPI controller fields
55bb5193cec5 serial: 8250: 8250_omap: Fix possible array out of bounds access
8e41134a92a5 ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
4ffde17862b0 ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17
4ee2686b3745 ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup
2808d59fb29b cryptoloop: add a deprecation warning
61a038f80c80 perf/x86/amd/power: Assign pmu.module
ec9a82e034f6 perf/x86/amd/ibs: Work around erratum #1197
23c29490b84d ceph: fix possible null-pointer dereference in ceph_mdsmap_decode()
d2064a1444d6 perf/x86/intel/pt: Fix mask of num_address_ranges
0e74bba60452 qede: Fix memset corruption
35f223cb21b1 net: macb: Add a NULL check on desc_ptp
cf50d02e474b qed: Fix the VF msix vectors flow
2177c4943e40 reset: reset-zynqmp: Fixed the argument data type
9872349b088d gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats
b983d60292a6 ARM: OMAP1: ams-delta: remove unused function ams_delta_camera_power
bc860c3f0945 xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
b1075d2a7052 static_call: Fix unused variable warn w/o MODULE
ae16b7c66837 Revert "Add a reference to ucounts for each cred"
1aa3f27e592d Revert "cred: add missing return error code when set_cred_ucounts() failed"
0c1443874e1c Revert "ucounts: Increase ucounts reference counter before the security hook"
0479b2bd2959 ubifs: report correct st_size for encrypted symlinks
3ac01789f6d9 f2fs: report correct st_size for encrypted symlinks
894a02236d0d ext4: report correct st_size for encrypted symlinks
b8c298cf57dc fscrypt: add fscrypt_symlink_getattr() for computing st_size
09a379549620 ext4: fix race writing to an inline_data file while its xattrs are changing
f6dd002450bf Linux 5.10.62
0c9a876f2897 bpf: Fix potentially incorrect results with bpf_get_local_storage()
38c1915d3e9f audit: move put_tree() to avoid trim_trees refcount underflow and UAF
1890ee7ff87f net: don't unconditionally copy_from_user a struct ifreq for socket ioctls
0085646e02b2 Revert "parisc: Add assembly implementations for memset, strlen, strcpy, strncpy and strcat"
17982c664f8b Revert "floppy: reintroduce O_NDELAY fix"
709c162ddc83 kthread: Fix PF_KTHREAD vs to_kthread() race
c43add24dffd btrfs: fix NULL pointer dereference when deleting device by invalid id
1604c42a1ca9 arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88
f760c1101f52 lkdtm: Enable DOUBLE_FAULT on all architectures
b6c657abb893 net: dsa: mt7530: fix VLAN traffic leaks again
f8242f554c82 usb: typec: ucsi: Clear pending after acking connector change
e15e32d519fa usb: typec: ucsi: Work around PPM losing change information
08953884aad4 usb: typec: ucsi: acpi: Always decode connector change information
9a4f1dc8a17c tracepoint: Use rcu get state and cond sync for static call updates
b6ae3854075e srcu: Provide polling interfaces for Tiny SRCU grace periods
450948b06ce8 srcu: Make Tiny SRCU use multi-bit grace-period counter
641e1d88404a srcu: Provide internal interface to start a Tiny SRCU grace period
f789de3be808 srcu: Provide polling interfaces for Tree SRCU grace periods
fdf66e5a7fc8 srcu: Provide internal interface to start a Tree SRCU grace period
d3c38d8549c0 powerpc/perf: Invoke per-CPU variable access with disabled interrupts
77b77d45a4b1 perf annotate: Fix jump parsing for C++ code.
9f9e40ddfca3 perf tools: Fix arm64 build error with gcc-11
94687c49b65b perf record: Fix memory leak in vDSO found using ASAN
e0ca67030fda perf symbol-elf: Fix memory leak by freeing sdt_note.args
0d8e39bb9416 perf env: Fix memory leak of bpf_prog_info_linear member
133d7f93eecd riscv: Fixup patch_text panic in ftrace
7e2087249e87 riscv: Fixup wrong ftrace remove cflag
b42fde92cdde Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS
60d69cb4e60d vt_kdsetmode: extend console locking
0a178a015161 tipc: call tipc_wait_for_connect only when dlen is not 0
ded6da217ced mtd: spinand: Fix incorrect parameters for on-die ECC
3b2018f9c9c0 pipe: do FASYNC notifications for every pipe IO, not just state changes
e91da23c1be1 pipe: avoid unnecessary EPOLLET wakeups under normal loads
d845f89d59fc btrfs: fix race between marking inode needs to be logged and log syncing
6f38d95f33be net/rds: dma_map_sg is entitled to merge entries
b882dda2bf7a drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences
7f422cda03a6 drm/nouveau/disp: power down unused DP links during init
6fd6e20520cc drm: Copy drm_wait_vblank to user before returning
26ee94ba343c blk-mq: don't grab rq's refcount in blk_mq_check_expired()
b00ca567579a drm/amd/pm: change the workload type for some cards
3c37ec435022 Revert "drm/amd/pm: fix workload mismatch on vega10"
cc126b400b25 qed: Fix null-pointer dereference in qed_rdma_create_qp()
18a65ba06903 qed: qed ll2 race condition fixes
4ac9c81e8a54 tools/virtio: fix build
c7ee4d22614e vringh: Use wiov->used to check for read/write desc order
6c074eaaf785 virtio_vdpa: reject invalid vq indices
0698278e8eef virtio_pci: Support surprise removal of virtio pci device
065a13c299b4 virtio: Improve vq->broken access to avoid any compiler optimization
f41c7462d8ae cpufreq: blocklist Qualcomm sm8150 in cpufreq-dt-platdev
3dea93159038 opp: remove WARN when no valid OPPs remain
be37f7dbcd2c iwlwifi: pnvm: accept multiple HW-type TLVs
9a6a5602c217 clk: renesas: rcar-usb2-clock-sel: Fix kernel NULL pointer dereference
bdc5049c3698 perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32
c5600b914690 dt-bindings: sifive-l2-cache: Fix 'select' matching
ad5329a53327 usb: gadget: u_audio: fix race condition on endpoint stop
257ea8a5edc0 drm/i915: Fix syncmap memory leak
e49b8d9c5e88 net: stmmac: fix kernel panic due to NULL pointer dereference of plat->est
b2091d47a14e net: stmmac: add mutex lock to protect est parameters
ac874290e75c Revert "mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711"
411680a07cc6 net: hns3: fix get wrong pfc_en when query PFC configuration
e834ca7c7924 net: hns3: fix duplicate node in VLAN list
5931ec35e992 net: hns3: add waiting time before cmdq memory is released
9820af16a879 net: hns3: clear hardware resource when loading driver
ad0db8385575 rtnetlink: Return correct error on changing device netns
51bc5c66606d cxgb4: dont touch blocked freelist bitmap after free
beefd5f0c63a ipv4: use siphash instead of Jenkins in fnhe_hashfun()
dced8347a727 ipv6: use siphash in rt6_exception_hash()
f517335a61ff net/sched: ets: fix crash when flipping from 'strict' to 'quantum'
b493af3a66e0 ucounts: Increase ucounts reference counter before the security hook
8e0881f6f57e net: marvell: fix MVNETA_TX_IN_PRGRS bit number
850401a23a85 xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()'
fb45459d9ddb ip_gre: add validation for csum_start
e78006b59a30 RDMA/efa: Free IRQ vectors on error flow
8f1e3ad94569 e1000e: Do not take care about recovery NVM checksum
87285ac51ecf e1000e: Fix the max snoop/no-snoop latency for 10M
58b3dbf10c01 igc: Use num_tx_queues when iterating over tx_ring queue
ae6480ba0665 igc: fix page fault when thunderbolt is unplugged
384dea502e91 net: usb: pegasus: fixes of set_register(s) return value evaluation;
3217c9d4602f ice: do not abort devlink info if board identifier can't be found
3a2c5fbb1cc6 RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init()
56ac7463a140 IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
3e949aaa8bef RDMA/bnxt_re: Add missing spin lock initialization
22c18102ec59 scsi: core: Fix hang of freezing queue between blocking and running device
01da7c1dc4cf usb: dwc3: gadget: Stop EP0 transfers during pullup disable
87b2016493eb usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
56c92b8ddc0c usb: renesas-xhci: Prefer firmware loading on unknown ROM state
b0bcc8038868 USB: serial: option: add new VID/PID to support Fibocom FG150
8437e07c370f Revert "USB: serial: ch341: fix character loss at high transfer rates"
da3067eadcc1 drm/amdgpu: Cancel delayed work when GFXOFF is disabled
3134292a8e79 Revert "btrfs: compression: don't try to compress if we don't have enough pages"
921c2533aa3a riscv: Ensure the value of FP registers in the core dump file is up to date
e55a8b461585 ceph: correctly handle releasing an embedded cap flush
7008b9981b6a can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters
45b7b2097153 net: mscc: Fix non-GPL export of regmap APIs
ef2d68ef9a3b ovl: fix uninitialized pointer read in ovl_lookup_real_one()
c94d50979f20 blk-iocost: fix lockdep warning on blkcg->lock
6815e21fe28d once: Fix panic when module unload
f68ad168e235 netfilter: conntrack: collect all entries in one cycle
a13a2df0b149 ARC: Fix CONFIG_STACKDEPOT
0af6a9f82ca3 ASoC: component: Remove misplaced prefix handling in pin control functions
34cc80ec12d6 ASoC: rt5682: Adjust headset volume button threshold
d81ddadabdee bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper
9dd6f6d89693 bpf: Fix ringbuf helper function compatibility
ad41706c771a net: qrtr: fix another OOB Read in qrtr_endpoint_post
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb885bf8ffe9ba7260f83d9575978f753edf538e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../linux/linux-yocto-rt_5.10.bb | 4 ++--
.../linux/linux-yocto-tiny_5.10.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 22 +++++++++----------
3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index ec46d28db9..a27c67be1a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "6cd3b8cc48adcec0f91a2f95d12679a8ceb3d77d"
+SRCREV_machine ?= "31e2870ebfd892708e8c5f3aced96565e2456ed9"
SRCREV_meta ?= "bce2813b162bb472c137fb503951295a931c25b6"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.10.61"
+LINUX_VERSION ?= "5.10.63"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index a2d1a3454f..fc6accac39 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.10.61"
+LINUX_VERSION ?= "5.10.63"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,8 +15,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "b359e868f08a317762618a0c8240769ede6205ee"
-SRCREV_machine ?= "458347294271cddba33b7cfefabf83181eba3440"
+SRCREV_machine_qemuarm ?= "96ec3026283d29493f757a077f9c51e6d698c634"
+SRCREV_machine ?= "29ff88e6cdf170fbf71e27de32c09e4f6db95078"
SRCREV_meta ?= "bce2813b162bb472c137fb503951295a931c25b6"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index e135c1d7a2..49f9ef95d8 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,16 +13,16 @@ KBRANCH_qemux86 ?= "v5.10/standard/base"
KBRANCH_qemux86-64 ?= "v5.10/standard/base"
KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "c21afa1c405a581d0fbec7df31cf7e4d61ceabb9"
-SRCREV_machine_qemuarm64 ?= "749a8e1ffe820d07371d35850e31201d8583b08a"
-SRCREV_machine_qemumips ?= "8feace594d68ec0c4cde54be4b6ed312bef6def2"
-SRCREV_machine_qemuppc ?= "25cc0f5de71a992745898b9da9f109f30adacc18"
-SRCREV_machine_qemuriscv64 ?= "815f74d88d7be5ca75dc8b98479d4d8e2736dcd7"
-SRCREV_machine_qemuriscv32 ?= "815f74d88d7be5ca75dc8b98479d4d8e2736dcd7"
-SRCREV_machine_qemux86 ?= "815f74d88d7be5ca75dc8b98479d4d8e2736dcd7"
-SRCREV_machine_qemux86-64 ?= "815f74d88d7be5ca75dc8b98479d4d8e2736dcd7"
-SRCREV_machine_qemumips64 ?= "82f98a83c19c2a3e1d9b4b53a2117e84a37bb88d"
-SRCREV_machine ?= "815f74d88d7be5ca75dc8b98479d4d8e2736dcd7"
+SRCREV_machine_qemuarm ?= "36e0cc294f77cf72b01a1f9ea62bb13d1ab0693e"
+SRCREV_machine_qemuarm64 ?= "a1c9c936088b6cf4ec56f5180672d6f0e8e3b955"
+SRCREV_machine_qemumips ?= "4962920baaee3235448b48e992a3da0259dcfa57"
+SRCREV_machine_qemuppc ?= "57b30ad7f8a6c3be0ad8eac742476da3f97c23f3"
+SRCREV_machine_qemuriscv64 ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
+SRCREV_machine_qemuriscv32 ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
+SRCREV_machine_qemux86 ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
+SRCREV_machine_qemux86-64 ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
+SRCREV_machine_qemumips64 ?= "a615aa60bc10bea5262f2d65da7ddff4ba32146e"
+SRCREV_machine ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
SRCREV_meta ?= "bce2813b162bb472c137fb503951295a931c25b6"
# remap qemuarm to qemuarma15 for the 5.8 kernel
@@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.61"
+LINUX_VERSION ?= "5.10.63"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 14/17] systemtap: Fix headers issue with x86 and 5.13 headers
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (12 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 13/17] linux-yocto/5.10: update to v5.10.63 Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 15/17] ffmpeg: fix CVE-2021-38171 Anuj Mittal
` (2 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
On some x86 platforms there were header issues causing pt_regs compile
failures for our stap tests, e.g. on genericx86-64 but not qemux86-64.
Backport a patch from upstream which fixes the issue.
[YOCTO #14491]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a4ad6c88b683b7310ef46d89b1add80b0f41bf2d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
...8b9eda402e4e96c4e3ce01e7ff95d3e10470.patch | 26 +++++++++++++++++++
.../systemtap/systemtap_git.inc | 1 +
2 files changed, 27 insertions(+)
create mode 100644 meta/recipes-kernel/systemtap/systemtap/ef5a8b9eda402e4e96c4e3ce01e7ff95d3e10470.patch
diff --git a/meta/recipes-kernel/systemtap/systemtap/ef5a8b9eda402e4e96c4e3ce01e7ff95d3e10470.patch b/meta/recipes-kernel/systemtap/systemtap/ef5a8b9eda402e4e96c4e3ce01e7ff95d3e10470.patch
new file mode 100644
index 0000000000..4d044de7ee
--- /dev/null
+++ b/meta/recipes-kernel/systemtap/systemtap/ef5a8b9eda402e4e96c4e3ce01e7ff95d3e10470.patch
@@ -0,0 +1,26 @@
+From ef5a8b9eda402e4e96c4e3ce01e7ff95d3e10470 Mon Sep 17 00:00:00 2001
+From: Du Zhe <duzhe0211+sourceware@gmail.com>
+Date: Tue, 13 Jul 2021 19:11:55 -0400
+Subject: [PATCH] runtime: fix unintended compile error with
+ autoconf-x86-uniregs.c
+
+Adding a #include <linux/sched.h> restores this test on the gentoo
+linux-5.10.47-gentoo kernel.
+
+Upstream-Status: Backport
+---
+ runtime/linux/autoconf-x86-uniregs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/runtime/linux/autoconf-x86-uniregs.c b/runtime/linux/autoconf-x86-uniregs.c
+index 25729c220..232c18670 100644
+--- a/runtime/linux/autoconf-x86-uniregs.c
++++ b/runtime/linux/autoconf-x86-uniregs.c
+@@ -1,3 +1,4 @@
++#include <linux/sched.h>
+ #include <asm/ptrace.h>
+
+ #if defined (__i386__) || defined (__x86_64__)
+--
+2.27.0
+
diff --git a/meta/recipes-kernel/systemtap/systemtap_git.inc b/meta/recipes-kernel/systemtap/systemtap_git.inc
index 016b423847..73fba981b7 100644
--- a/meta/recipes-kernel/systemtap/systemtap_git.inc
+++ b/meta/recipes-kernel/systemtap/systemtap_git.inc
@@ -8,6 +8,7 @@ SRC_URI = "git://sourceware.org/git/systemtap.git \
file://0001-Install-python-modules-to-correct-library-dir.patch \
file://0001-staprun-stapbpf-don-t-support-installing-a-non-root.patch \
file://0001-transport-protect-include-and-callsite-with-same-con.patch \
+ file://ef5a8b9eda402e4e96c4e3ce01e7ff95d3e10470.patch \
"
COMPATIBLE_HOST = '(x86_64|i.86|powerpc|arm|aarch64|microblazeel|mips).*-linux'
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 15/17] ffmpeg: fix CVE-2021-38171
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (13 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 14/17] systemtap: Fix headers issue with x86 and 5.13 headers Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 16/17] linux-yocto/5.4: update to v5.4.143 Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 17/17] linux-yocto/5.4: update to v5.4.144 Anuj Mittal
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Kiran Surendran <Kiran.Surendran@windriver.com>
backport from upstream
Signed-off-by: Kiran Surendran <Kiran.Surendran@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38171.patch | 40 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 +
2 files changed, 41 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
new file mode 100644
index 0000000000..8775acd8c5
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
@@ -0,0 +1,40 @@
+CVE: CVE-2021-38171
+Upstream-Status: Backport
+Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com>
+
+From d5373a9efb10c1fa87698ee41370fb04dc2e410b Mon Sep 17 00:00:00 2001
+From: maryam ebrahimzadeh <me22bee@outlook.com>
+Date: Wed, 4 Aug 2021 16:15:18 -0400
+Subject: [PATCH] avformat/adtsenc: return value check for init_get_bits in
+ adts_decode_extradata
+
+As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
+'buf' is part of 'AVPacket pkt'.
+replace init_get_bits with init_get_bits8.
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavformat/adtsenc.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c
+index d937e2bea9..a1593515e1 100644
+--- a/libavformat/adtsenc.c
++++ b/libavformat/adtsenc.c
+@@ -50,9 +50,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui
+ GetBitContext gb;
+ PutBitContext pb;
+ MPEG4AudioConfig m4ac;
+- int off;
++ int off, ret;
+
+- init_get_bits(&gb, buf, size * 8);
++ ret = init_get_bits8(&gb, buf, size);
++ if (ret < 0)
++ return ret;
+ off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s);
+ if (off < 0)
+ return off;
+--
+2.31.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index 3e7ceb859f..3162617336 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -32,6 +32,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
file://fix-CVE-2021-38291.patch \
+ file://fix-CVE-2021-38171.patch \
"
SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 16/17] linux-yocto/5.4: update to v5.4.143
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (14 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 15/17] ffmpeg: fix CVE-2021-38171 Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 17/17] linux-yocto/5.4: update to v5.4.144 Anuj Mittal
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
fd80923202c6 Linux 5.4.143
4bf194158102 netfilter: nft_exthdr: fix endianness of tcp option cast
e4fd994f02c5 fs: warn about impending deprecation of mandatory locks
41c7f46c89f6 mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim
1a3aa81444d3 mm, memcg: avoid stale protection values when cgroup is above protection
9c1c449dcca0 ASoC: intel: atom: Fix breakage for PCM buffer address setup
846ba58a7c06 PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
548b75f4905e btrfs: prevent rename2 from exchanging a subvol with a directory from different parents
0fc6a9c2025b ipack: tpci200: fix memory leak in the tpci200_register
280d66b31797 ipack: tpci200: fix many double free issues in tpci200_pci_probe
cb7aa5103146 slimbus: ngd: reset dma setup during runtime pm
abce32d0f7f4 slimbus: messaging: check for valid transaction id
0786d315f55c slimbus: messaging: start transaction ids from 1 instead of zero
20c2f141b1e5 tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name
8fbfebe188c0 ALSA: hda - fix the 'Capture Switch' value change notifications
85e60614d1f6 mmc: dw_mmc: Fix hang on data CRC error
4f6c9caf7b6c ovl: add splice file read write helper
85813f1f9e86 iavf: Fix ping is lost after untrusted VF had tried to change MAC
a498115dcd9c i40e: Fix ATR queue selection
1b8a8fba7853 ovs: clear skb->tstamp in forwarding path
84dbbf5482e3 net: mdio-mux: Handle -EPROBE_DEFER correctly
453486e79ed2 net: mdio-mux: Don't ignore memory allocation errors
6b70c67849bb net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
da92ce364595 virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO
9aeadce8e33b virtio-net: support XDP when not more queues
3ed7cf8386c9 vrf: Reset skb conntrack connection on VRF rcv
447b16028956 bnxt_en: Add missing DMA memory barriers
c9566df334d0 ptp_pch: Restore dependency on PCI
a73b9aa14269 net: 6pack: fix slab-out-of-bounds in decode_data
2bc75713434b bnxt: disable napi before canceling DIM
a9fb0f155980 bnxt: don't lock the tx queue from napi poll
1fe038030cc8 bpf: Clear zext_dst of dead insns
73a45f75a07b vhost: Fix the calculation in vhost_overflow()
b9a59636c4bf virtio: Protect vqs list access
b264e37b3517 dccp: add do-while-0 stubs for dccp_pr_debug macros
9112ebc2990a cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
cb9a9d5fe636 iommu: Check if group is NULL before remove device
911a8141efdd Bluetooth: hidp: use correct wait queue when removing ctrl_wait
5b14c1f16e2d drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X
f92dc3a89dd8 net: usb: lan78xx: don't modify phy_device state concurrently
be7043679967 ARM: dts: nomadik: Fix up interrupt controller node names
69aa1a1a569f scsi: core: Fix capacity set to zero after offlinining device
935de7ec7a4d scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
7a721a1e1885 scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
9900e06ae6e6 scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
e37cf26bd56d dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available
12d1322d93a6 ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218
11145efd295b dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
9c97a0539288 dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers
fc566b5a21f5 USB: core: Avoid WARNings for 0-length descriptor requests
1bd505c814cc media: drivers/media/usb: fix memory leak in zr364xx_probe
705660a6d98d media: zr364xx: fix memory leaks in probe()
79dff2a3f41a media: zr364xx: propagate errors from zr364xx_start_readpipe()
7305d6d4078f mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
23f77ad13f81 ath9k: Postpone key cache entry deletion for TXQ frames reference it
c6feaf806da6 ath: Modify ath_key_delete() to not need full key entry
b7d593705eb4 ath: Export ath_hw_keysetmac()
add283e2517a ath9k: Clear key cache explicitly on disabling hardware
0c049ce432b3 ath: Use safer key clearing with key cache entries
172b91bbbb49 x86/fpu: Make init_fpstate correct with optimized XSAVE
81d152c8daf8 ext4: fix EXT4_MAX_LOGICAL_BLOCK macro
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index f838a65c35..45eb2f6a50 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "b872fc896dcc555149f26c5dd683f7e6394852d6"
-SRCREV_meta ?= "719be4bd6c3c7575e7942dc016e3c3bb028f163d"
+SRCREV_machine ?= "f4f6c136157b70468cf54389034aeaa41bbc5538"
+SRCREV_meta ?= "70b2480497528245c948ec259c734d74ea4fa3f1"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.142"
+LINUX_VERSION ?= "5.4.143"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 0178d172f8..a2f212e2ef 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.142"
+LINUX_VERSION ?= "5.4.143"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "4addf3f9e4f68bc7c03ea19ad95f2a4836ac9873"
-SRCREV_machine ?= "964802684eb1495bd1c5f625307b6d41515a3e9a"
-SRCREV_meta ?= "719be4bd6c3c7575e7942dc016e3c3bb028f163d"
+SRCREV_machine_qemuarm ?= "83b75c59c277ba3f87759cf558f9f230c1ed3bf7"
+SRCREV_machine ?= "1f981e60c9f6162337d2a65c891f2e29d8e1c862"
+SRCREV_meta ?= "70b2480497528245c948ec259c734d74ea4fa3f1"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index b30efe86c5..136bc55e92 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "9b1b66b01c88cf5035d148f37c70b8215c8fde15"
-SRCREV_machine_qemuarm64 ?= "e91700bf8d8130226679954a8137c5f3fd54b81d"
-SRCREV_machine_qemumips ?= "332bc089f06636156b9d5b2a04228c03c680c6d0"
-SRCREV_machine_qemuppc ?= "1bf103767b96923aa6ca76e9e095b04c13ce93cd"
-SRCREV_machine_qemuriscv64 ?= "108b8b822e7bbba492deafe60ee86839291c3250"
-SRCREV_machine_qemux86 ?= "108b8b822e7bbba492deafe60ee86839291c3250"
-SRCREV_machine_qemux86-64 ?= "108b8b822e7bbba492deafe60ee86839291c3250"
-SRCREV_machine_qemumips64 ?= "7b31f99f9e245d029de7fb9e3480f7b00f846b8f"
-SRCREV_machine ?= "108b8b822e7bbba492deafe60ee86839291c3250"
-SRCREV_meta ?= "719be4bd6c3c7575e7942dc016e3c3bb028f163d"
+SRCREV_machine_qemuarm ?= "a5fb40d66dcf9b95e82a06724fe8b33a03295af4"
+SRCREV_machine_qemuarm64 ?= "bffde671f5262afb5139ef58b10be043de1d368a"
+SRCREV_machine_qemumips ?= "ac8adae0a4a582e9593b527a14f3a7e407a22e6e"
+SRCREV_machine_qemuppc ?= "022718ee2b3805d465613f05813fd6313cbb988f"
+SRCREV_machine_qemuriscv64 ?= "484eb3a36ef32d910da9a38a3f67ff2b2d1f7aa2"
+SRCREV_machine_qemux86 ?= "484eb3a36ef32d910da9a38a3f67ff2b2d1f7aa2"
+SRCREV_machine_qemux86-64 ?= "484eb3a36ef32d910da9a38a3f67ff2b2d1f7aa2"
+SRCREV_machine_qemumips64 ?= "46871b96c7f3f1658f4b9875d6645ff7996e98f1"
+SRCREV_machine ?= "484eb3a36ef32d910da9a38a3f67ff2b2d1f7aa2"
+SRCREV_meta ?= "70b2480497528245c948ec259c734d74ea4fa3f1"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.142"
+LINUX_VERSION ?= "5.4.143"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread* [hardknott][PATCH 17/17] linux-yocto/5.4: update to v5.4.144
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
` (15 preceding siblings ...)
2021-09-15 23:15 ` [hardknott][PATCH 16/17] linux-yocto/5.4: update to v5.4.143 Anuj Mittal
@ 2021-09-15 23:15 ` Anuj Mittal
16 siblings, 0 replies; 18+ messages in thread
From: Anuj Mittal @ 2021-09-15 23:15 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
c6bf0ed9d1a7 Linux 5.4.144
0634c0f91995 audit: move put_tree() to avoid trim_trees refcount underflow and UAF
cab0003311a0 net: don't unconditionally copy_from_user a struct ifreq for socket ioctls
6752b3b0628e Revert "parisc: Add assembly implementations for memset, strlen, strcpy, strncpy and strcat"
67871ada3a53 Revert "floppy: reintroduce O_NDELAY fix"
d7f7eca72ecc btrfs: fix NULL pointer dereference when deleting device by invalid id
e644da7ace0f arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88
4f76285f6df8 KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
620681d7201a net: dsa: mt7530: fix VLAN traffic leaks again
38adbf21f37e bpf: Fix cast to pointer from integer of different size warning
812ee47ad76e bpf: Track contents of read-only maps as scalars
f4418015201b vt_kdsetmode: extend console locking
8a19e0045086 btrfs: fix race between marking inode needs to be logged and log syncing
f3a1ac258ebc net/rds: dma_map_sg is entitled to merge entries
ad6a2bc7588a drm/nouveau/disp: power down unused DP links during init
689179c462d8 drm: Copy drm_wait_vblank to user before returning
18ceb99f8483 qed: Fix null-pointer dereference in qed_rdma_create_qp()
f1a0db49abd5 qed: qed ll2 race condition fixes
73ba9e4ece4b vringh: Use wiov->used to check for read/write desc order
ee52acae6fb5 virtio_pci: Support surprise removal of virtio pci device
be9b79e84154 virtio: Improve vq->broken access to avoid any compiler optimization
0d4ba693db48 opp: remove WARN when no valid OPPs remain
baf56a1d8199 perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32
0ad96094ab90 usb: gadget: u_audio: fix race condition on endpoint stop
c5c2b4ca5035 drm/i915: Fix syncmap memory leak
2f3cefa6abf0 net: hns3: fix get wrong pfc_en when query PFC configuration
6f0c0b35e277 net: hns3: fix duplicate node in VLAN list
951805c23dff net: hns3: clear hardware resource when loading driver
08162f65642c rtnetlink: Return correct error on changing device netns
f58e42d1928c net: marvell: fix MVNETA_TX_IN_PRGRS bit number
45454400a647 xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()'
53b480e68c1c ip_gre: add validation for csum_start
bb8ca7e2e67e RDMA/efa: Free IRQ vectors on error flow
e29565b4515e e1000e: Fix the max snoop/no-snoop latency for 10M
8a21e84334ec IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
944a50f56f1b RDMA/bnxt_re: Add missing spin lock initialization
28b189541027 scsi: core: Fix hang of freezing queue between blocking and running device
628c582854d3 usb: dwc3: gadget: Stop EP0 transfers during pullup disable
d9da281c8f9e usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
21880abf19ba USB: serial: option: add new VID/PID to support Fibocom FG150
2e098e91eeec Revert "USB: serial: ch341: fix character loss at high transfer rates"
16b281a70a10 can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters
765437d1f078 mm, oom: make the calculation of oom badness more accurate
1cccf5c03077 mmc: sdhci-msm: Update the software timeout value for sdhc
aec1e470d906 ovl: fix uninitialized pointer read in ovl_lookup_real_one()
57bd5b59f1ce once: Fix panic when module unload
5892f910f401 netfilter: conntrack: collect all entries in one cycle
7c95c89b6929 ARC: Fix CONFIG_STACKDEPOT
a6b049aeefa8 net: qrtr: fix another OOB Read in qrtr_endpoint_post
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../linux/linux-yocto-rt_5.4.bb | 6 ++---
.../linux/linux-yocto-tiny_5.4.bb | 8 +++----
meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +++++++++----------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 45eb2f6a50..7589d8ee1a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "f4f6c136157b70468cf54389034aeaa41bbc5538"
-SRCREV_meta ?= "70b2480497528245c948ec259c734d74ea4fa3f1"
+SRCREV_machine ?= "7f67141bca949eff8953f965c26475286d1a20cf"
+SRCREV_meta ?= "e4ccb53f204f722583178a9249fbf5d745f0d56a"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.143"
+LINUX_VERSION ?= "5.4.144"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index a2f212e2ef..5ee1d359b2 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.143"
+LINUX_VERSION ?= "5.4.144"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "83b75c59c277ba3f87759cf558f9f230c1ed3bf7"
-SRCREV_machine ?= "1f981e60c9f6162337d2a65c891f2e29d8e1c862"
-SRCREV_meta ?= "70b2480497528245c948ec259c734d74ea4fa3f1"
+SRCREV_machine_qemuarm ?= "08336ce8b4ebc2b21c28488c85098c6816f3d99f"
+SRCREV_machine ?= "8220749d3e8643091b118d93a857333e2c91a1eb"
+SRCREV_meta ?= "e4ccb53f204f722583178a9249fbf5d745f0d56a"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 136bc55e92..b600211bde 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "a5fb40d66dcf9b95e82a06724fe8b33a03295af4"
-SRCREV_machine_qemuarm64 ?= "bffde671f5262afb5139ef58b10be043de1d368a"
-SRCREV_machine_qemumips ?= "ac8adae0a4a582e9593b527a14f3a7e407a22e6e"
-SRCREV_machine_qemuppc ?= "022718ee2b3805d465613f05813fd6313cbb988f"
-SRCREV_machine_qemuriscv64 ?= "484eb3a36ef32d910da9a38a3f67ff2b2d1f7aa2"
-SRCREV_machine_qemux86 ?= "484eb3a36ef32d910da9a38a3f67ff2b2d1f7aa2"
-SRCREV_machine_qemux86-64 ?= "484eb3a36ef32d910da9a38a3f67ff2b2d1f7aa2"
-SRCREV_machine_qemumips64 ?= "46871b96c7f3f1658f4b9875d6645ff7996e98f1"
-SRCREV_machine ?= "484eb3a36ef32d910da9a38a3f67ff2b2d1f7aa2"
-SRCREV_meta ?= "70b2480497528245c948ec259c734d74ea4fa3f1"
+SRCREV_machine_qemuarm ?= "78a2f9d323a755a34cdc96af4bcf61ffd32a3db0"
+SRCREV_machine_qemuarm64 ?= "aa6ec6934e35c8b0948f6b7c9bdbdef45d72be35"
+SRCREV_machine_qemumips ?= "a892524441b30e5e8c491e22e36e3473fc6a0fe0"
+SRCREV_machine_qemuppc ?= "784ca7c7837811123b5bd97cde964e45fbf5179b"
+SRCREV_machine_qemuriscv64 ?= "e3134debcf01f0aa20103e22fe2ef5fc7c201120"
+SRCREV_machine_qemux86 ?= "e3134debcf01f0aa20103e22fe2ef5fc7c201120"
+SRCREV_machine_qemux86-64 ?= "e3134debcf01f0aa20103e22fe2ef5fc7c201120"
+SRCREV_machine_qemumips64 ?= "d765ea7455bf978a9a86e8e90e032336b0baf887"
+SRCREV_machine ?= "e3134debcf01f0aa20103e22fe2ef5fc7c201120"
+SRCREV_meta ?= "e4ccb53f204f722583178a9249fbf5d745f0d56a"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.143"
+LINUX_VERSION ?= "5.4.144"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.31.1
^ permalink raw reply related [flat|nested] 18+ messages in thread