Re: [OE-core][PATCH] grub2: fix CVE-2021-3981
Hi Richard, I saw this patch has been merged to master. Could you help to merge this patch and commit 0f528608eb48809955b2610ecc4bd689f1cf8899 Author: Alexander Kanavin Date: 2021-06-15 10:12 grub: upgrade 2.04+2.06~rc1 -> 2.06 Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie to branch hardknott also? Or do I need to send those patches again for hardknott? Thanks, Yongxin > -Original Message- > From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Yongxin Liu > Sent: Monday, December 27, 2021 14:55 > To: richard.pur...@linuxfoundation.org; openembedded- > c...@lists.openembedded.org > Subject: [OE-core][PATCH] grub2: fix CVE-2021-3981 > > Signed-off-by: Yongxin Liu > --- > ...onfig-Restore-umask-for-the-grub.cfg.patch | 49 +++ > meta/recipes-bsp/grub/grub2.inc | 1 + > 2 files changed, 50 insertions(+) > create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3981-grub- > mkconfig-Restore-umask-for-the-grub.cfg.patch > > diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig- > Restore-umask-for-the-grub.cfg.patch b/meta/recipes-bsp/grub/files/CVE- > 2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch > new file mode 100644 > index 00..dae26fd8bb > --- /dev/null > +++ b/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-um > +++ ask-for-the-grub.cfg.patch 
> @@ -0,0 +1,49 @@ > +From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001 > +From: Michael Chang > +Date: Fri, 3 Dec 2021 16:13:28 +0800 > +Subject: [PATCH] grub-mkconfig: Restore umask for the grub.cfg > + > +The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating > +configuration by grub-mkconfig) has inadvertently discarded umask for > +creating grub.cfg in the process of running grub-mkconfig. The > +resulting wrong permission (0644) would allow unprivileged users to > +read GRUB configuration file content. This presents a low > +confidentiality risk as grub.cfg may contain non-secured plain-text > passwords. > + > +This patch restores the missing umask and sets the creation file mode > +to 0600 preventing unprivileged access. > + > +Fixes: CVE-2021-3981 > + > +Signed-off-by: Michael Chang > +Reviewed-by: Daniel Kiper > + > +Upstream-Status: Backport > +CVE: CVE-2021-3981 > + > +Reference to upstream patch: > +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0adec296745610347 > +71c13e446069b41ef41e4d4 > + > +Signed-off-by: Yongxin Liu > +--- > + util/grub-mkconfig.in | 3 +++ > + 1 file changed, 3 insertions(+) > + > +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in index > +c3ea7612e..62335d027 100644 > +--- a/util/grub-mkconfig.in > b/util/grub-mkconfig.in > +@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report > with > + exit 1 > + else > + # none of the children aborted with error, install the new > +grub.cfg > ++oldumask=$(umask) > ++umask 077 > + cat ${grub_cfg}.new > ${grub_cfg} > ++umask $oldumask > + rm -f ${grub_cfg}.new > + fi > + fi > +-- > +2.31.1 > + > diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes- > bsp/grub/grub2.inc index bb791347dc..a72a562c5a 100644 > --- a/meta/recipes-bsp/grub/grub2.inc > +++ b/meta/recipes-bsp/grub/grub2.inc 
> @@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ > file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ > file://determinism.patch \ > file://0001-RISC-V-Restore-the-typcast-to-long.patch \ > + > + file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patc > + h \ > " > > SRC_URI[sha256sum] = > "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" > -- > 2.31.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#160222): https://lists.openembedded.org/g/openembedded-core/message/160222 Mute This Topic: https://lists.openembedded.org/mt/87974226/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
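Review bot: In the util/grub-mkconfig.in hunk, the umask 077 placed around cat ${grub_cfg}.new > ${grub_cfg} only takes effect when that redirection creates grub.cfg. If grub.cfg already exists with the 0644 mode the commit message describes, the shell truncates it in place and the mode stays 0644, so systems that already have a grub.cfg keep the readable file after the fix is installed. Consider an explicit chmod 600 on ${grub_cfg} after the copy, or a line in the patch header saying that existing files need their mode corrected separately. The ${grub_cfg} expansions on the cat line are also unquoted and will break on a path containing whitespace.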
[OE-core] [PATCH 3/3] [DNM] e2fsprogs: upgrade 1.46.4 -> 1.46.5
Signed-off-by: Otavio Salvador --- The ptest is failing[1]; I didn't spot anything obvious and couldn't reproduce the error in my NixOS host (ended sending the update so it also runs on their CI - https://github.com/NixOS/nixpkgs/pull/153660). 1. https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/2963/steps/12/logs/stdio I need someone to help on this so I'd like to ask for the patch to not be merged as it has known issues. Changes in v2: - remove patch headers - avoid changing not required patches ...ct_io-expect-correct-expected-output.patch | 69 --- ...2fsprogs_1.46.4.bb => e2fsprogs_1.46.5.bb} | 9 +-- 2 files changed, 3 insertions(+), 75 deletions(-) delete mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-tests-u_direct_io-expect-correct-expected-output.patch rename meta/recipes-devtools/e2fsprogs/{e2fsprogs_1.46.4.bb => e2fsprogs_1.46.5.bb} (94%) diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-tests-u_direct_io-expect-correct-expected-output.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-tests-u_direct_io-expect-correct-expected-output.patch deleted file mode 100644 index f198df83eb..00 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-tests-u_direct_io-expect-correct-expected-output.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From ea5adf259e01c790f9ba69d6fe88d691de410b6f Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin -Date: Sun, 22 Aug 2021 14:37:32 +0200 -Subject: [PATCH] tests/u_direct_io/expect: correct expected output - -This is likely the right fix, but upstream needs to confirm. - -Upstream-Status: Inappropriate [issue reported https://github.com/tytso/e2fsprogs/issues/80] -Signed-off-by: Alexander Kanavin - tests/u_direct_io/expect | 16 +--- - 1 file changed, 9 insertions(+), 7 deletions(-) - -diff --git a/tests/u_direct_io/expect b/tests/u_direct_io/expect -index b0cdc730..830cbd75 100644 a/tests/u_direct_io/expect -+++ b/tests/u_direct_io/expect -@@ -19,8 +19,8 @@ Filesystem OS type: Linux - Inode count: 32768 - Block count: 32768 - Reserved block count: 1638 --Overhead clusters:5131 --Free blocks: 27631 -+Overhead clusters:6155 -+Free blocks: 26607 - Free inodes: 32757 - First block: 0 - Block size: 4096 -@@ -29,27 +29,29 @@ Reserved GDT blocks: 7 - Blocks per group: 32768 - Fragments per group: 32768 - Inodes per group: 32768 --Inode blocks per group: 1024 -+Inode blocks per group: 2048 - Flex block group size:16 - Mount count: 0 - Check interval: 15552000 (6 months) - Reserved blocks uid: 0 - Reserved blocks gid: 0 - First inode: 11 --Inode size: 128 -+Inode size: 256 -+Required extra isize: 32 -+Desired extra isize: 32 - Journal inode:8 - Default directory hash: half_md4 - Journal backup: inode blocks - Directories: 2 - Group 0: block bitmap at 9, inode bitmap at 25, inode table at 41 -- 27631 free blocks, 32757 free inodes, 2 used directories -+ 26607 free blocks, 32757 free inodes, 2 used directories - e2fsck -fn -N test_filesys $LOOP - Pass 1: Checking inodes, blocks, and sizes - Pass 2: Checking directory structure - Pass 3: Checking directory connectivity - Pass 4: Checking reference counts - Pass 5: Checking group summary information --test_filesys: 11/32768 files (9.1% non-contiguous), 5137/32768 blocks -+test_filesys: 11/32768 files (9.1% 
non-contiguous), 6161/32768 blocks - Exit status is 0 - e2fsck -fn -N test_filesys $TMPFILE - Pass 1: Checking inodes, blocks, and sizes -@@ -57,5 +59,5 @@ Pass 2: Checking directory structure - Pass 3: Checking directory connectivity - Pass 4: Checking reference counts - Pass 5: Checking group summary information --test_filesys: 11/32768 files (9.1% non-contiguous), 5137/32768 blocks -+test_filesys: 11/32768 files (9.1% non-contiguous), 6161/32768 blocks - Exit status is 0 diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.4.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb similarity index 94% rename from meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.4.bb rename to meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb index f42cefcaf9..68b8531565 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.4.bb +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb @@ -4,14 +4,11 @@ SRC_URI += "file://remove.ldconfig.call.patch \ file://run-ptest \ file://ptest.patch \ file://mkdir_p.patch \ - file://0001-tests-u_direct_io-expect-correct-expected-output.patch \ + file://e2fsprogs-fix-missing-check-for-permission-denied.patch \ + file://quiet-debugfs.patch \ " -SRC_URI:append:class-native = "
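Review bot: The commit message has no body, so nothing explains why the e2fsprogs_1.46.5.bb hunk removes the SRC_URI:append:class-native line and lists e2fsprogs-fix-missing-check-for-permission-denied.patch and quiet-debugfs.patch in the unconditional SRC_URI, or why 0001-tests-u_direct_io-expect-correct-expected-output.patch can be deleted. If the two patches were native-only before, they now apply to target builds as well, which is worth ruling out as a cause of the ptest failure mentioned below the --- line. The deleted patch was marked Upstream-Status: Inappropriate with an open upstream issue; please state in the commit message whether 1.46.5 resolves that issue and why the class-native append goes away.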
[OE-core] [PATCH 2/3] [DNM] python3-setuptools: upgrade 59.5.0 -> 60.2.0
Signed-off-by: Otavio Salvador --- The patch seems to break some native package building due do host contamination; I faced it at btrfs-progs, for example. I need someone which has more intimacy in Python to help on this so I'd like to ask for the patch to not be merged as it has known issues. Changes in v2: - remove wrong patch header ...01-conditionally-do-not-fetch-code-by-easy_install.patch | 6 +++--- ...n3-setuptools_59.5.0.bb => python3-setuptools_60.2.0.bb} | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-devtools/python/{python3-setuptools_59.5.0.bb => python3-setuptools_60.2.0.bb} (94%) diff --git a/meta/recipes-devtools/python/files/0001-conditionally-do-not-fetch-code-by-easy_install.patch b/meta/recipes-devtools/python/files/0001-conditionally-do-not-fetch-code-by-easy_install.patch index 5e2ee454da..5d508f759f 100644 --- a/meta/recipes-devtools/python/files/0001-conditionally-do-not-fetch-code-by-easy_install.patch +++ b/meta/recipes-devtools/python/files/0001-conditionally-do-not-fetch-code-by-easy_install.patch @@ -1,4 +1,4 @@ -From da88c57fe03e4474ba20325edacf519e80c1d7a8 Mon Sep 17 00:00:00 2001 +From 74abf3fae060c87b04e5fb8c382ecc835afc3a50 Mon Sep 17 00:00:00 2001 From: Hongxu Jia Date: Tue, 17 Jul 2018 10:13:38 +0800 Subject: [PATCH] conditionally do not fetch code by easy_install @@ -15,10 +15,10 @@ Signed-off-by: Hongxu Jia 1 file changed, 5 insertions(+) diff --git a/setuptools/command/easy_install.py b/setuptools/command/easy_install.py -index fc848d0..c04a5de 100644 +index fb34d10..217fce1 100644 --- a/setuptools/command/easy_install.py +++ b/setuptools/command/easy_install.py -@@ -642,6 +642,11 @@ class easy_install(Command): +@@ -649,6 +649,11 @@ class easy_install(Command): os.path.exists(tmpdir) and rmtree(tmpdir) def easy_install(self, spec, deps=False): 
diff --git a/meta/recipes-devtools/python/python3-setuptools_59.5.0.bb b/meta/recipes-devtools/python/python3-setuptools_60.2.0.bb similarity index 94% rename from meta/recipes-devtools/python/python3-setuptools_59.5.0.bb rename to meta/recipes-devtools/python/python3-setuptools_60.2.0.bb index 878fa08404..8748f91388 100644 --- a/meta/recipes-devtools/python/python3-setuptools_59.5.0.bb +++ b/meta/recipes-devtools/python/python3-setuptools_60.2.0.bb @@ -13,7 +13,7 @@ SRC_URI += "\ file://0001-_distutils-sysconfig-append-STAGING_LIBDIR-python-sy.patch \ " -SRC_URI[sha256sum] = "d144f85102f999444d06f9c0e8c737fd0194f10f2f7e5fdb77573f6e2fa4fad0" +SRC_URI[sha256sum] = "675fcebecb43c32eb930481abf907619137547f4336206e4d673180242e1a278" DEPENDS += "${PYTHON_PN}" -- 2.34.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#160220): https://lists.openembedded.org/g/openembedded-core/message/160220 Mute This Topic: https://lists.openembedded.org/mt/88227970/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
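Review bot: The host contamination described below the --- line is not recorded in the commit message, and the python3-setuptools_60.2.0.bb hunk changes only SRC_URI[sha256sum] while 0001-_distutils-sysconfig-append-STAGING_LIBDIR-python-sy.patch stays in SRC_URI untouched. Before this leaves DNM, confirm that this patch and the refreshed 0001-conditionally-do-not-fetch-code-by-easy_install.patch (its hunk now lands at line 649 of easy_install.py) still take effect in 60.2.0, and put the btrfs-progs failure and its cause in the commit message body so the upgrade can be reviewed against it.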
[OE-core] [PATCH 1/3] libxcrypt, libxcrypt-compat: upgrade 4.4.26 -> 4.4.27
License-Update: build-aux files updated. Signed-off-by: Otavio Salvador --- Changes in v2: - fix license checksum error - update libxcrypt too .../libxcrypt/files/fix_cflags_handling.patch | 10 +- ...ypt-compat_4.4.26.bb => libxcrypt-compat_4.4.27.bb} | 0 meta/recipes-core/libxcrypt/libxcrypt.inc | 4 ++-- .../{libxcrypt_4.4.26.bb => libxcrypt_4.4.27.bb} | 0 4 files changed, 7 insertions(+), 7 deletions(-) rename meta/recipes-core/libxcrypt/{libxcrypt-compat_4.4.26.bb => libxcrypt-compat_4.4.27.bb} (100%) rename meta/recipes-core/libxcrypt/{libxcrypt_4.4.26.bb => libxcrypt_4.4.27.bb} (100%) diff --git a/meta/recipes-core/libxcrypt/files/fix_cflags_handling.patch b/meta/recipes-core/libxcrypt/files/fix_cflags_handling.patch index 0772998c72..94aa3fed49 100644 --- a/meta/recipes-core/libxcrypt/files/fix_cflags_handling.patch +++ b/meta/recipes-core/libxcrypt/files/fix_cflags_handling.patch @@ -1,4 +1,4 @@ -From fd9a46695594c3cd836ecb7d959f03f605e69a2f Mon Sep 17 00:00:00 2001 +From 7b2a0cdc281d94a5782c37ef87040c341447b4b4 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Fri, 30 Apr 2021 10:35:02 +0100 Subject: [PATCH] libxcrypt: Update to 4.4.19 release and fix symbol version @@ -15,13 +15,13 @@ Upstream-Status: Submitted [https://github.com/besser82/libxcrypt/pull/126] Signed-off-by: Richard Purdie --- - build-aux/compute-symver-floor | 2 ++ + build-aux/scripts/compute-symver-floor | 2 ++ 1 file changed, 2 insertions(+) -diff --git a/build-aux/compute-symver-floor b/build-aux/compute-symver-floor +diff --git a/build-aux/scripts/compute-symver-floor b/build-aux/scripts/compute-symver-floor index 4ec82e1..8117342 100644 a/build-aux/compute-symver-floor -+++ b/build-aux/compute-symver-floor +--- a/build-aux/scripts/compute-symver-floor b/build-aux/scripts/compute-symver-floor @@ -36,6 +36,8 @@ sub preprocessor_check { die "C compiler not available\n" unless @CC; 
diff --git a/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.26.bb b/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.27.bb similarity index 100% rename from meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.26.bb rename to meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.27.bb diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc b/meta/recipes-core/libxcrypt/libxcrypt.inc index 9186c45e18..725965e535 100644 --- a/meta/recipes-core/libxcrypt/libxcrypt.inc +++ b/meta/recipes-core/libxcrypt/libxcrypt.inc @@ -3,14 +3,14 @@ DESCRIPTION = "Forked code from glibc libary to extract only crypto part." HOMEPAGE = "https://github.com/besser82/libxcrypt; SECTION = "libs" LICENSE = "LGPLv2.1" -LIC_FILES_CHKSUM = "file://LICENSING;md5=29c5f9af198623cdce52a77f85695164 \ +LIC_FILES_CHKSUM = "file://LICENSING;md5=c0a30e2b1502c55a7f37e412cd6c6a4b \ file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c \ " inherit autotools pkgconfig SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https" -SRCREV = "8ff7a8c5019cbd50419f7d0a8cd691eb99d6b086" +SRCREV = "814e715dd8580ff00344112d7d8383a6a5a5b83d" SRCBRANCH ?= "develop" SRC_URI += "file://fix_cflags_handling.patch" diff --git a/meta/recipes-core/libxcrypt/libxcrypt_4.4.26.bb b/meta/recipes-core/libxcrypt/libxcrypt_4.4.27.bb similarity index 100% rename from meta/recipes-core/libxcrypt/libxcrypt_4.4.26.bb rename to meta/recipes-core/libxcrypt/libxcrypt_4.4.27.bb -- 2.34.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#160219): https://lists.openembedded.org/g/openembedded-core/message/160219 Mute This Topic: https://lists.openembedded.org/mt/88227962/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] weston: Backport patches to always activate the top-level surface
On 1/5/22 23:40, Steve Sakoman wrote:

On Wed, Jan 5, 2022 at 12:25 PM Marek Vasut wrote:

On 1/5/22 23:21, Marek Vasut wrote:

In case the device has only touchscreen input device and no keyboard or mouse,
the top level surface is never activated. The behavior differs from a device
which has a keyboard (or gpio-keys, or even uinput-emulated keyboard), where
callchain
activate()->weston_view_activate()->weston_seat_set_keyboard_focus()->
weston_keyboard_set_focus()->wl_signal_emit(>focus_signal, keyboard)->
handle_keyboard_focus()->weston_desktop_surface_set_activated(..., true);
sets the top level surface as activated. On device with touchscreen, the above is
never called, hence the top level surface is never activated. Add explicit
weston_desktop_surface_set_activated(shsurf->desktop_surface, true); into
activate() to always active the top level surface.

This fixes at least two known issues on such devices:
- Wayland terminal cursor is an empty bar (full bar with keyboard present)
- Chromium dropdown menus are randomly placed (they are placed correctly
  when keyboard is present, because then chromium can find the activated
  top level surface)

Signed-off-by: Marek Vasut
Cc: Steve Sakoman

And that Subject should've had [dunfell] tag, sorry.
Do you need a resend ?

No, I've got it!

Thanks,

Thanks
Re: [OE-core] [PATCH] weston: Backport patches to always activate the top-level surface
On Wed, Jan 5, 2022 at 12:25 PM Marek Vasut wrote:
>
> On 1/5/22 23:21, Marek Vasut wrote:
> > In case the device has only touchscreen input device and no keyboard or mouse,
> > the top level surface is never activated. The behavior differs from a device
> > which has a keyboard (or gpio-keys, or even uinput-emulated keyboard), where
> > callchain
> > activate()->weston_view_activate()->weston_seat_set_keyboard_focus()->
> > weston_keyboard_set_focus()->wl_signal_emit(>focus_signal, keyboard)->
> > handle_keyboard_focus()->weston_desktop_surface_set_activated(..., true);
> > sets the top level surface as activated. On device with touchscreen, the above is
> > never called, hence the top level surface is never activated. Add explicit
> > weston_desktop_surface_set_activated(shsurf->desktop_surface, true); into
> > activate() to always active the top level surface.
> >
> > This fixes at least two known issues on such devices:
> > - Wayland terminal cursor is an empty bar (full bar with keyboard present)
> > - Chromium dropdown menus are randomly placed (they are placed correctly
> >   when keyboard is present, because then chromium can find the activated
> >   top level surface)
> >
> > Signed-off-by: Marek Vasut
> > Cc: Steve Sakoman
>
> And that Subject should've had [dunfell] tag, sorry.
> Do you need a resend ?

No, I've got it!

Thanks,

Steve
Re: [OE-core] [PATCH] weston: Backport patches to always activate the top-level surface
On 1/5/22 23:21, Marek Vasut wrote:

In case the device has only touchscreen input device and no keyboard or mouse,
the top level surface is never activated. The behavior differs from a device
which has a keyboard (or gpio-keys, or even uinput-emulated keyboard), where
callchain
activate()->weston_view_activate()->weston_seat_set_keyboard_focus()->
weston_keyboard_set_focus()->wl_signal_emit(>focus_signal, keyboard)->
handle_keyboard_focus()->weston_desktop_surface_set_activated(..., true);
sets the top level surface as activated. On device with touchscreen, the above is
never called, hence the top level surface is never activated. Add explicit
weston_desktop_surface_set_activated(shsurf->desktop_surface, true); into
activate() to always active the top level surface.

This fixes at least two known issues on such devices:
- Wayland terminal cursor is an empty bar (full bar with keyboard present)
- Chromium dropdown menus are randomly placed (they are placed correctly
  when keyboard is present, because then chromium can find the activated
  top level surface)

Signed-off-by: Marek Vasut
Cc: Steve Sakoman

And that Subject should've had [dunfell] tag, sorry.
Do you need a resend ?
[OE-core] [PATCH] weston: Backport patches to always activate the top-level surface
In case the device has only touchscreen input device and no keyboard or mouse, the top level surface is never activated. The behavior differs from a device which has a keyboard (or gpio-keys, or even uinput-emulated keyboard), where callchain activate()->weston_view_activate()->weston_seat_set_keyboard_focus()-> weston_keyboard_set_focus()->wl_signal_emit(>focus_signal, keyboard)-> handle_keyboard_focus()->weston_desktop_surface_set_activated(..., true); sets the top level surface as activated. On device with touchscreen, the above is never called, hence the top level surface is never activated. Add explicit weston_desktop_surface_set_activated(shsurf->desktop_surface, true); into activate() to always active the top level surface. This fixes at least two known issues on such devices: - Wayland terminal cursor is an empty bar (full bar with keyboard present) - Chromium dropdown menus are randomly placed (they are placed correctly when keyboard is present, because then chromium can find the activated top level surface) Signed-off-by: Marek Vasut Cc: Steve Sakoman --- ...move-no-op-de-activation-of-the-xdg-.patch | 32 ++ ...name-gain-lose-keyboard-focus-to-act.patch | 57 +++ ...bed-keyboard-focus-handle-code-when-.patch | 99 +++ meta/recipes-graphics/wayland/weston_8.0.0.bb | 3 + 4 files changed, 191 insertions(+) create mode 100644 meta/recipes-graphics/wayland/weston/0002-desktop-shell-Remove-no-op-de-activation-of-the-xdg-.patch create mode 100644 meta/recipes-graphics/wayland/weston/0003-desktop-shell-Rename-gain-lose-keyboard-focus-to-act.patch create mode 100644 meta/recipes-graphics/wayland/weston/0004-desktop-shell-Embed-keyboard-focus-handle-code-when-.patch diff --git a/meta/recipes-graphics/wayland/weston/0002-desktop-shell-Remove-no-op-de-activation-of-the-xdg-.patch b/meta/recipes-graphics/wayland/weston/0002-desktop-shell-Remove-no-op-de-activation-of-the-xdg-.patch new file mode 100644 index 00..fb36d3817a --- /dev/null 
+++ b/meta/recipes-graphics/wayland/weston/0002-desktop-shell-Remove-no-op-de-activation-of-the-xdg-.patch @@ -0,0 +1,32 @@ +From 5c74a0640e873694bf60a88eceb21f664cb4b8f7 Mon Sep 17 00:00:00 2001 +From: Marius Vlad +Date: Fri, 5 Mar 2021 20:03:49 +0200 +Subject: [PATCH 2/5] desktop-shell: Remove no-op de-activation of the xdg + top-level surface + +The shsurf is calloc'ed so the surface count is always 0. Not only +that but the surface is not set as active by default, so there's no +need to de-activate it. + +Upstream-Status: Backport [05bef4c18a3e82376a46a4a28d978389c4c0fd0f] +Signed-off-by: Marius Vlad +--- + desktop-shell/shell.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/desktop-shell/shell.c b/desktop-shell/shell.c +index 442a625f..3791be25 100644 +--- a/desktop-shell/shell.c b/desktop-shell/shell.c +@@ -2427,8 +2427,6 @@ desktop_surface_added(struct weston_desktop_surface *desktop_surface, + wl_list_init(>children_link); + + weston_desktop_surface_set_user_data(desktop_surface, shsurf); +- weston_desktop_surface_set_activated(desktop_surface, +- shsurf->focus_count > 0); + } + + static void +-- +2.34.1 + diff --git a/meta/recipes-graphics/wayland/weston/0003-desktop-shell-Rename-gain-lose-keyboard-focus-to-act.patch b/meta/recipes-graphics/wayland/weston/0003-desktop-shell-Rename-gain-lose-keyboard-focus-to-act.patch new file mode 100644 index 00..dcd0700fca --- /dev/null +++ b/meta/recipes-graphics/wayland/weston/0003-desktop-shell-Rename-gain-lose-keyboard-focus-to-act.patch 
@@ -0,0 +1,57 @@ +From edb31c456ae3da7efb668a37ab88075c4b67 Mon Sep 17 00:00:00 2001 +From: Marius Vlad +Date: Fri, 5 Mar 2021 21:40:22 +0200 +Subject: [PATCH 3/5] desktop-shell: Rename gain/lose keyboard focus to + activate/de-activate + +This way it better reflects that it handles activation rather that input +focus. + +Upstream-Status: Backport [ab39e1d76d4f6715cb300bc37f5c2a0e2d426208] +Signed-off-by: Marius Vlad +--- + desktop-shell/shell.c | 8 + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/desktop-shell/shell.c b/desktop-shell/shell.c +index 3791be25..c4669f11 100644 +--- a/desktop-shell/shell.c b/desktop-shell/shell.c +@@ -1869,14 +1869,14 @@ handle_pointer_focus(struct wl_listener *listener, void *data) + } + + static void +-shell_surface_lose_keyboard_focus(struct shell_surface *shsurf) ++shell_surface_deactivate(struct shell_surface *shsurf) + { + if (--shsurf->focus_count == 0) + weston_desktop_surface_set_activated(shsurf->desktop_surface, false); + } + + static void +-shell_surface_gain_keyboard_focus(struct shell_surface *shsurf) ++shell_surface_activate(struct shell_surface *shsurf) + { + if (shsurf->focus_count++ == 0) + weston_desktop_surface_set_activated(shsurf->desktop_surface, true); +@@ -1891,7 +1891,7 @@ handle_keyboard_focus(struct
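Review bot: The commit message documents only the activation side, while the code renamed in 0003 clears the activated state solely through shell_surface_deactivate when focus_count drops to 0, and 0002 removes the set_activated call from desktop_surface_added. Please say in the commit message how a surface on a touch-only device gets deactivated again once activate() marks it active explicitly, so a reader can tell that two top-level surfaces cannot both report activated. The added files also keep their upstream [PATCH 2/5] and [PATCH 3/5] subjects; a line naming the upstream series and which parts of it were left out would make the backport easier to audit.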
Re: [OE-core] [PATCH 2/2] package.bbclass: don't skip kernel and kernel modules
On 1/5/22 09:30, Bruce Ashfield wrote: On Wed, Jan 5, 2022 at 12:07 PM Richard Purdie wrote: On Tue, 2022-01-04 at 14:07 -0800, Saul Wold wrote: On 12/22/21 01:09, Richard Purdie wrote: On Tue, 2021-12-21 at 11:08 -0800, Saul Wold wrote: Stop ignoring or skipping the kernel and kernel modules code in the split debug and striping functions, this will allow create_spdx to process the kernel and modules. Signed-off-by: Saul Wold --- meta/classes/package.bbclass | 8 ++-- 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass index 84eafbd529..4b7fe4f1e1 100644 --- a/meta/classes/package.bbclass +++ b/meta/classes/package.bbclass @@ -390,10 +390,6 @@ def splitdebuginfo(file, dvar, debugdir, debuglibdir, debugappend, debugsrcdir, dvar = d.getVar('PKGD') objcopy = d.getVar("OBJCOPY") -# We ignore kernel modules, we don't generate debug info files. -if file.find("/lib/modules/") != -1 and file.endswith(".ko"): -return (file, sources) - newmode = None if not os.access(file, os.W_OK) or os.access(file, os.R_OK): origmode = os.stat(file)[stat.ST_MODE] @@ -1147,7 +1143,7 @@ python split_and_strip_files () { if file.endswith(".ko") and file.find("/lib/modules/") != -1: kernmods.append(file) -continue + if oe.package.is_static_lib(file): staticlibs.append(file) continue 
@@ -1165,7 +1161,7 @@ python split_and_strip_files () { continue # Check its an executable if (s[stat.ST_MODE] & stat.S_IXUSR) or (s[stat.ST_MODE] & stat.S_IXGRP) or (s[stat.ST_MODE] & stat.S_IXOTH) \ -or ((file.startswith(libdir) or file.startswith(baselibdir)) and (".so" in f or ".node" in f)): +or ((file.startswith(libdir) or file.startswith(baselibdir)) and (".so" in f or ".node" in f)) or (f.startswith('vmlinux') or ".ko" in f): if cpath.islink(file): checkelflinks[file] = ltarget edgerouter: https://autobuilder.yoctoproject.org/typhoon/#/builders/62/builds/4513 https://autobuilder.yoctoproject.org/typhoon/#/builders/111/builds/2507/steps/11/logs/stdio So I have been digging into this and it seems that an option was added a decade ago or so to strip the kernel/vmlinux when it's too big, this was done for at least the routerstationpro according to bug #3515 [0], and persists with the edgerouter, although I am not sure if it would still actually be required as the edgerouter also uses the KERNEL_ALT_IMAGETYPE to create a smaller binary kernel image. The change I proposed causes the all kernels to be stripped all the time as part of the split_and_strip_files(). As I see it there few different options: 1) Set KERNEL_IMAGE_EXTRA_STRIP_SECTIONS = "" in create_spdx.bbclass - This solves the problem with create_spdx.bbclass is in use, but not the general case I don't think I like this as it is a side effect that isn't obvious or expected. 2) Remove the KERNEL_IMAGE_EXTRA_STRIP_SECTIONS from edgerouter.conf - Will solve the edgerouter case but may not solve other usages unknown to me. - Does anyone know of other machines/layers usage of this variable? 3) deprecate the kernel.bbclass:do_strip function in favor of using the split_and_strip_files() of package.bbclass I know Bruce has said he doesn't like this, however stepping back, these issues were from a time our stripping code was young and evolving. 
If we can standardise and have it all work together well in one set of functions, I think that is worth looking at. I'd prefer the kernel wasn't a special case if it no longer needs to be.

That said, I don't remember the details of why we did this.

There's a middle ground of debug being possible, and some sections removed to keep the footprint a bit lower. There were also some unwinders, etc, that didn't work when everything was stripped and split into debug. The stripping was too aggressive, and removed some sections that were required.

While I can't exactly point to the use cases for it now, with the 5K options in the kernel, they haven't all been removed, and I'd be very hesitant to remove the capability completely.

I think this makes the most sense after thinking about it also, having one place where the stripping occurs in runstrip() in lib/oe/package.py, seems reasonable. The one neck to ring as it were.

We can extend the is_elf() types to add vmlinux and use the KERNEL_IMAGE_EXTRA_STRIP_SECTIONS there. So this could deprecate the do_strip() from the kernel.bbclass and keep the behavior.

Sau!

Bruce

4) Change error to warning in packaging.bbclass for the kernel only
- This would explain that a kernel image (vmlinux) is already stripped and extended package data would not be
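Review bot: In the last split_and_strip_files hunk, the added clause (f.startswith('vmlinux') or ".ko" in f) is a substring test with no path restriction, so any file whose name merely contains .ko, and any vmlinux-prefixed file anywhere in the package tree, now passes the executable check. The preceding hunk already identifies modules with file.endswith(".ko") and file.find("/lib/modules/") != -1; reusing that condition, and an anchored match for vmlinux, would keep the two checks consistent. Replacing the continue after kernmods.append(file) with a blank line also means each module is both recorded in kernmods and falls through to the general handling below, so the commit message should say which of the two paths is meant to strip it.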
Re: [OE-core] [PATCH 2/2] package.bbclass: don't skip kernel and kernel modules
On Wed, 2022-01-05 at 12:30 -0500, Bruce Ashfield wrote: > On Wed, Jan 5, 2022 at 12:07 PM Richard Purdie > wrote: > > > > On Tue, 2022-01-04 at 14:07 -0800, Saul Wold wrote: > > > > > > On 12/22/21 01:09, Richard Purdie wrote: > > > > On Tue, 2021-12-21 at 11:08 -0800, Saul Wold wrote: > > > > > Stop ignoring or skipping the kernel and kernel modules code in the > > > > > split debug and striping functions, this will allow create_spdx to > > > > > process the kernel and modules. > > > > > > > > > > Signed-off-by: Saul Wold > > > > > --- > > > > > meta/classes/package.bbclass | 8 ++-- > > > > > 1 file changed, 2 insertions(+), 6 deletions(-) > > > > > > > > > > diff --git a/meta/classes/package.bbclass > > > > > b/meta/classes/package.bbclass > > > > > index 84eafbd529..4b7fe4f1e1 100644 > > > > > --- a/meta/classes/package.bbclass > > > > > +++ b/meta/classes/package.bbclass > > > > > @@ -390,10 +390,6 @@ def splitdebuginfo(file, dvar, debugdir, > > > > > debuglibdir, debugappend, debugsrcdir, > > > > > dvar = d.getVar('PKGD') > > > > > objcopy = d.getVar("OBJCOPY") > > > > > > > > > > -# We ignore kernel modules, we don't generate debug info files. > > > > > -if file.find("/lib/modules/") != -1 and file.endswith(".ko"): > > > > > -return (file, sources) > > > > > - > > > > > newmode = None > > > > > if not os.access(file, os.W_OK) or os.access(file, os.R_OK): > > > > > origmode = os.stat(file)[stat.ST_MODE] > > > > > @@ -1147,7 +1143,7 @@ python split_and_strip_files () { > > > > > > > > > > if file.endswith(".ko") and > > > > > file.find("/lib/modules/") != -1: > > > > > kernmods.append(file) > > > > > -continue > > > > > + > > > > > if oe.package.is_static_lib(file): > > > > > staticlibs.append(file) > > > > > continue 
> > > > > @@ -1165,7 +1161,7 @@ python split_and_strip_files () { > > > > > continue > > > > > # Check its an executable > > > > > if (s[stat.ST_MODE] & stat.S_IXUSR) or > > > > > (s[stat.ST_MODE] & stat.S_IXGRP) or (s[stat.ST_MODE] & stat.S_IXOTH) \ > > > > > -or ((file.startswith(libdir) or > > > > > file.startswith(baselibdir)) and (".so" in f or ".node" in f)): > > > > > +or ((file.startswith(libdir) or > > > > > file.startswith(baselibdir)) and (".so" in f or ".node" in f)) or > > > > > (f.startswith('vmlinux') or ".ko" in f): > > > > > > > > > > if cpath.islink(file): > > > > > checkelflinks[file] = ltarget > > > > > > > > edgerouter: > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/62/builds/4513 > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/111/builds/2507/steps/11/logs/stdio > > > > > > > So I have been digging into this and it seems that an option was added a > > > decade ago or so to strip the kernel/vmlinux when it's too big, this was > > > done for at least the routerstationpro according to bug #3515 [0], and > > > persists with the edgerouter, although I am not sure if it would still > > > actually be required as the edgerouter also uses the > > > KERNEL_ALT_IMAGETYPE to create a smaller binary kernel image. > > > > > > The change I proposed causes the all kernels to be stripped all the time > > > as part of the split_and_strip_files(). As I see it there few different > > > options: > > > > > > 1) Set KERNEL_IMAGE_EXTRA_STRIP_SECTIONS = "" in create_spdx.bbclass > > >- This solves the problem with create_spdx.bbclass is in use, but not > > > the general case > > > > I don't think I like this as it is a side effect that isn't obvious or > > expected. > > > > > > > > 2) Remove the KERNEL_IMAGE_EXTRA_STRIP_SECTIONS from edgerouter.conf > > >- Will solve the edgerouter case but may not solve other usages > > > unknown to me. > > >- Does anyone know of other machines/layers usage of this variable? 
> > > > > > 3) deprecate the kernel.bbclass:do_strip function in favor of using the > > > split_and_strip_files() of package.bbclass > > > > I know Bruce has said he doesn't like this, however stepping back, these > > issues > > were from a time our stripping code was young and evolving. If we can > > standardise and have it all work together well in one set of functions, I > > think > > that is worth looking at. I'd prefer the kernel wasn't a special case if it > > no > > longer needs to be. > > > > That said, I don't remember the details of why we did this. > > There's a middle ground of debug being possible, and some sections > removed to keep the footprint a bit lower. There were also some > unwinders, etc, that didn't work when everything was stripped and > split into debug. The stripping was too aggressive, and removed some > sections that were required. > > While I can't
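Review bot: in the @@ -1165 hunk of split_and_strip_files(), the added test `(f.startswith('vmlinux') or ".ko" in f)` is much looser than the module test used a few lines earlier in the same function. `".ko" in f` matches the substring anywhere in the file name, and neither half is tied to a directory, so any packaged file whose name contains ".ko" or begins with "vmlinux" is now treated as an ELF candidate wherever it sits. Suggest reusing the existing predicate, `file.endswith(".ko") and file.find("/lib/modules/") != -1`, and limiting the vmlinux match to the kernel image location.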
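Review bot: in the @@ -1147 hunk, dropping `continue` after `kernmods.append(file)` means each module stays on the kernmods list and also falls through to the static-library and executable checks below, and the patch does not say what happens to a file that ends up on both paths. If kernmods is still consumed later in the function, either stop appending to it or explain in the commit message why a module needs both treatments. The commit message should also state the effect on kernels that already ran the kernel class's own strip step, since that is what the edgerouter failures linked in the reply turned up.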
Re: [OE-core] [PATCH 2/2] package.bbclass: don't skip kernel and kernel modules
On Wed, Jan 5, 2022 at 12:07 PM Richard Purdie wrote: > > On Tue, 2022-01-04 at 14:07 -0800, Saul Wold wrote: > > > > On 12/22/21 01:09, Richard Purdie wrote: > > > On Tue, 2021-12-21 at 11:08 -0800, Saul Wold wrote: > > > > Stop ignoring or skipping the kernel and kernel modules code in the > > > > split debug and striping functions, this will allow create_spdx to > > > > process the kernel and modules. > > > > > > > > Signed-off-by: Saul Wold > > > > --- > > > > meta/classes/package.bbclass | 8 ++-- > > > > 1 file changed, 2 insertions(+), 6 deletions(-) > > > > > > > > diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass > > > > index 84eafbd529..4b7fe4f1e1 100644 > > > > --- a/meta/classes/package.bbclass > > > > +++ b/meta/classes/package.bbclass > > > > @@ -390,10 +390,6 @@ def splitdebuginfo(file, dvar, debugdir, > > > > debuglibdir, debugappend, debugsrcdir, > > > > dvar = d.getVar('PKGD') > > > > objcopy = d.getVar("OBJCOPY") > > > > > > > > -# We ignore kernel modules, we don't generate debug info files. > > > > -if file.find("/lib/modules/") != -1 and file.endswith(".ko"): > > > > -return (file, sources) > > > > - > > > > newmode = None > > > > if not os.access(file, os.W_OK) or os.access(file, os.R_OK): > > > > origmode = os.stat(file)[stat.ST_MODE] > > > > @@ -1147,7 +1143,7 @@ python split_and_strip_files () { > > > > > > > > if file.endswith(".ko") and > > > > file.find("/lib/modules/") != -1: > > > > kernmods.append(file) > > > > -continue > > > > + > > > > if oe.package.is_static_lib(file): > > > > staticlibs.append(file) > > > > continue 
> > > > @@ -1165,7 +1161,7 @@ python split_and_strip_files () { > > > > continue > > > > # Check its an executable > > > > if (s[stat.ST_MODE] & stat.S_IXUSR) or > > > > (s[stat.ST_MODE] & stat.S_IXGRP) or (s[stat.ST_MODE] & stat.S_IXOTH) \ > > > > -or ((file.startswith(libdir) or > > > > file.startswith(baselibdir)) and (".so" in f or ".node" in f)): > > > > +or ((file.startswith(libdir) or > > > > file.startswith(baselibdir)) and (".so" in f or ".node" in f)) or > > > > (f.startswith('vmlinux') or ".ko" in f): > > > > > > > > if cpath.islink(file): > > > > checkelflinks[file] = ltarget > > > > > > edgerouter: > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/62/builds/4513 > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/111/builds/2507/steps/11/logs/stdio > > > > > So I have been digging into this and it seems that an option was added a > > decade ago or so to strip the kernel/vmlinux when it's too big, this was > > done for at least the routerstationpro according to bug #3515 [0], and > > persists with the edgerouter, although I am not sure if it would still > > actually be required as the edgerouter also uses the > > KERNEL_ALT_IMAGETYPE to create a smaller binary kernel image. > > > > The change I proposed causes the all kernels to be stripped all the time > > as part of the split_and_strip_files(). As I see it there few different > > options: > > > > 1) Set KERNEL_IMAGE_EXTRA_STRIP_SECTIONS = "" in create_spdx.bbclass > >- This solves the problem with create_spdx.bbclass is in use, but not > > the general case > > I don't think I like this as it is a side effect that isn't obvious or > expected. > > > > > 2) Remove the KERNEL_IMAGE_EXTRA_STRIP_SECTIONS from edgerouter.conf > >- Will solve the edgerouter case but may not solve other usages > > unknown to me. > >- Does anyone know of other machines/layers usage of this variable? 
> > > > 3) deprecate the kernel.bbclass:do_strip function in favor of using the > > split_and_strip_files() of package.bbclass > > I know Bruce has said he doesn't like this, however stepping back, these > issues > were from a time our stripping code was young and evolving. If we can > standardise and have it all work together well in one set of functions, I > think > that is worth looking at. I'd prefer the kernel wasn't a special case if it no > longer needs to be. > > That said, I don't remember the details of why we did this. There's a middle ground of debug being possible, and some sections removed to keep the footprint a bit lower. There were also some unwinders, etc, that didn't work when everything was stripped and split into debug. The stripping was too aggressive, and removed some sections that were required. While I can't exactly point to the use cases for it now, with the 5K options in the kernel, they haven't all been removed, and I'd be very hesitant to remove the capability completely. Bruce > > > > > > 4) Change error to warning in packaging.bbclass for the kernel only > >- This would explain that a kernel
Re: [OE-core] [PATCH 2/2] package.bbclass: don't skip kernel and kernel modules
On Tue, 2022-01-04 at 14:07 -0800, Saul Wold wrote: > > On 12/22/21 01:09, Richard Purdie wrote: > > On Tue, 2021-12-21 at 11:08 -0800, Saul Wold wrote: > > > Stop ignoring or skipping the kernel and kernel modules code in the > > > split debug and striping functions, this will allow create_spdx to > > > process the kernel and modules. > > > > > > Signed-off-by: Saul Wold > > > --- > > > meta/classes/package.bbclass | 8 ++-- > > > 1 file changed, 2 insertions(+), 6 deletions(-) > > > > > > diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass > > > index 84eafbd529..4b7fe4f1e1 100644 > > > --- a/meta/classes/package.bbclass > > > +++ b/meta/classes/package.bbclass > > > @@ -390,10 +390,6 @@ def splitdebuginfo(file, dvar, debugdir, > > > debuglibdir, debugappend, debugsrcdir, > > > dvar = d.getVar('PKGD') > > > objcopy = d.getVar("OBJCOPY") > > > > > > -# We ignore kernel modules, we don't generate debug info files. > > > -if file.find("/lib/modules/") != -1 and file.endswith(".ko"): > > > -return (file, sources) > > > - > > > newmode = None > > > if not os.access(file, os.W_OK) or os.access(file, os.R_OK): > > > origmode = os.stat(file)[stat.ST_MODE] > > > @@ -1147,7 +1143,7 @@ python split_and_strip_files () { > > > > > > if file.endswith(".ko") and file.find("/lib/modules/") > > > != -1: > > > kernmods.append(file) > > > -continue > > > + > > > if oe.package.is_static_lib(file): > > > staticlibs.append(file) > > > continue 
> > > @@ -1165,7 +1161,7 @@ python split_and_strip_files () { > > > continue > > > # Check its an executable > > > if (s[stat.ST_MODE] & stat.S_IXUSR) or (s[stat.ST_MODE] > > > & stat.S_IXGRP) or (s[stat.ST_MODE] & stat.S_IXOTH) \ > > > -or ((file.startswith(libdir) or > > > file.startswith(baselibdir)) and (".so" in f or ".node" in f)): > > > +or ((file.startswith(libdir) or > > > file.startswith(baselibdir)) and (".so" in f or ".node" in f)) or > > > (f.startswith('vmlinux') or ".ko" in f): > > > > > > if cpath.islink(file): > > > checkelflinks[file] = ltarget > > > > edgerouter: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/62/builds/4513 > > https://autobuilder.yoctoproject.org/typhoon/#/builders/111/builds/2507/steps/11/logs/stdio > > > So I have been digging into this and it seems that an option was added a > decade ago or so to strip the kernel/vmlinux when it's too big, this was > done for at least the routerstationpro according to bug #3515 [0], and > persists with the edgerouter, although I am not sure if it would still > actually be required as the edgerouter also uses the > KERNEL_ALT_IMAGETYPE to create a smaller binary kernel image. > > The change I proposed causes the all kernels to be stripped all the time > as part of the split_and_strip_files(). As I see it there few different > options: > > 1) Set KERNEL_IMAGE_EXTRA_STRIP_SECTIONS = "" in create_spdx.bbclass >- This solves the problem with create_spdx.bbclass is in use, but not > the general case I don't think I like this as it is a side effect that isn't obvious or expected. > > 2) Remove the KERNEL_IMAGE_EXTRA_STRIP_SECTIONS from edgerouter.conf >- Will solve the edgerouter case but may not solve other usages > unknown to me. >- Does anyone know of other machines/layers usage of this variable? 
> > 3) deprecate the kernel.bbclass:do_strip function in favor of using the > split_and_strip_files() of package.bbclass I know Bruce has said he doesn't like this, however stepping back, these issues were from a time our stripping code was young and evolving. If we can standardise and have it all work together well in one set of functions, I think that is worth looking at. I'd prefer the kernel wasn't a special case if it no longer needs to be. That said, I don't remember the details of why we did this. > > 4) Change error to warning in packaging.bbclass for the kernel only >- This would explain that a kernel image (vmlinux) is already > stripped and extended package data would not be available for SPDX > creation. > > RP, Bruce, Joshua: Thoughts? If we can simplify and stop the kernel being a special case for this code (or handle kernels generically) that would be worth a bit of effort IMO... Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#160211): https://lists.openembedded.org/g/openembedded-core/message/160211 Mute This Topic: https://lists.openembedded.org/mt/87884056/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
Re: [OE-core] [PATCH 2/2] package.bbclass: don't skip kernel and kernel modules
On Tue, Jan 4, 2022 at 5:08 PM Saul Wold wrote: > > > > On 12/22/21 01:09, Richard Purdie wrote: > > On Tue, 2021-12-21 at 11:08 -0800, Saul Wold wrote: > >> Stop ignoring or skipping the kernel and kernel modules code in the > >> split debug and striping functions, this will allow create_spdx to > >> process the kernel and modules. > >> > >> Signed-off-by: Saul Wold > >> --- > >> meta/classes/package.bbclass | 8 ++-- > >> 1 file changed, 2 insertions(+), 6 deletions(-) > >> > >> diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass > >> index 84eafbd529..4b7fe4f1e1 100644 > >> --- a/meta/classes/package.bbclass > >> +++ b/meta/classes/package.bbclass > >> @@ -390,10 +390,6 @@ def splitdebuginfo(file, dvar, debugdir, debuglibdir, > >> debugappend, debugsrcdir, > >> dvar = d.getVar('PKGD') > >> objcopy = d.getVar("OBJCOPY") > >> > >> -# We ignore kernel modules, we don't generate debug info files. > >> -if file.find("/lib/modules/") != -1 and file.endswith(".ko"): > >> -return (file, sources) > >> - > >> newmode = None > >> if not os.access(file, os.W_OK) or os.access(file, os.R_OK): > >> origmode = os.stat(file)[stat.ST_MODE] > >> @@ -1147,7 +1143,7 @@ python split_and_strip_files () { > >> > >> if file.endswith(".ko") and file.find("/lib/modules/") > >> != -1: > >> kernmods.append(file) > >> -continue > >> + > >> if oe.package.is_static_lib(file): > >> staticlibs.append(file) > >> continue 
> >> @@ -1165,7 +1161,7 @@ python split_and_strip_files () { > >> continue > >> # Check its an executable > >> if (s[stat.ST_MODE] & stat.S_IXUSR) or (s[stat.ST_MODE] > >> & stat.S_IXGRP) or (s[stat.ST_MODE] & stat.S_IXOTH) \ > >> -or ((file.startswith(libdir) or > >> file.startswith(baselibdir)) and (".so" in f or ".node" in f)): > >> +or ((file.startswith(libdir) or > >> file.startswith(baselibdir)) and (".so" in f or ".node" in f)) or > >> (f.startswith('vmlinux') or ".ko" in f): > >> > >> if cpath.islink(file): > >> checkelflinks[file] = ltarget > > > > edgerouter: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/62/builds/4513 > > https://autobuilder.yoctoproject.org/typhoon/#/builders/111/builds/2507/steps/11/logs/stdio > > > So I have been digging into this and it seems that an option was added a > decade ago or so to strip the kernel/vmlinux when it's too big, this was > done for at least the routerstationpro according to bug #3515 [0], and > persists with the edgerouter, although I am not sure if it would still > actually be required as the edgerouter also uses the > KERNEL_ALT_IMAGETYPE to create a smaller binary kernel image. I recall when we added that! It was used for some other boards as well, but most of them aren't around anymore. > > The change I proposed causes the all kernels to be stripped all the time > as part of the split_and_strip_files(). As I see it there few different > options: Having some way to have a custom set of sections to strip (along with skipping stripping (but that can be done via the standard inhibit)) is something I'd suggest we preserve. But I suppose if you inhibit stripping, you'll stop both the packaging one and the kernel custom one ? > > 1) Set KERNEL_IMAGE_EXTRA_STRIP_SECTIONS = "" in create_spdx.bbclass >- This solves the problem with create_spdx.bbclass is in use, but not > the general case What are you considering the general case in this instance ? 
Meaning a non-spdx user of that same board, will run into issues with the already stripped? If they can inhibit the do_package stripping, there is a way around it. > > 2) Remove the KERNEL_IMAGE_EXTRA_STRIP_SECTIONS from edgerouter.conf >- Will solve the edgerouter case but may not solve other usages > unknown to me. >- Does anyone know of other machines/layers usage of this variable? > See above. There are some machines, and even if not common, it is something I'd like to preserve. > 3) deprecate the kernel.bbclass:do_strip function in favor of using the > split_and_strip_files() of package.bbclass > I'd prefer to not do #3. > 4) Change error to warning in packaging.bbclass for the kernel only >- This would explain that a kernel image (vmlinux) is already > stripped and extended package data would not be available for SPDX > creation. #4 is what came to mind for me. We already have special cases for the kernel, so this isn't making things more complex .. or maybe there's a more elegant "co-operative" section removal flag that the kernel bbclass can set, and then the packaging not error or automatically inhibit the QA check? But #1 is my second choice. Bruce > > RP, Bruce, Joshua: Thoughts? > > Sau! > > [0]
[OE-core] [hardknott][PATCH 24/24] openssl: Add reproducibility fix
From: Richard Purdie When the date rolled from one year to another, it highlighted a reproducibility issue in openssl. Patch a workaround for this to avoid autobuilder failures. Help submitting upstream welcome. Signed-off-by: Richard Purdie (cherry picked from commit f8281e290737dba16a46d7ae937c66b3266e0fe8) Signed-off-by: Anuj Mittal --- .../openssl/openssl/reproducibility.patch | 22 +++ .../openssl/openssl_1.1.1l.bb | 1 + 2 files changed, 23 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/reproducibility.patch diff --git a/meta/recipes-connectivity/openssl/openssl/reproducibility.patch b/meta/recipes-connectivity/openssl/openssl/reproducibility.patch new file mode 100644 index 00..8accbc9df2 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/reproducibility.patch @@ -0,0 +1,22 @@ +Using localtime() means the output can depend on the timezone of the build machine. +Using gmtime() is safer. For complete reproducibility use SOURCE_DATE_EPOCH if set. + +Signed-off-by: Richard Purdie +Upstream-Status: Pending [should be suitable] + +Index: openssl-3.0.1/apps/progs.pl +=== +--- openssl-3.0.1.orig/apps/progs.pl openssl-3.0.1/apps/progs.pl +@@ -21,7 +21,10 @@ die "Unrecognised option, must be -C or + my %commands = (); + my $cmdre= qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/; + my $apps_openssl = shift @ARGV; +-my $YEAR = [localtime()]->[5] + 1900; ++my $YEAR = [gmtime()]->[5] + 1900; ++if (defined($ENV{SOURCE_DATE_EPOCH}) && $ENV{SOURCE_DATE_EPOCH} !~ /\D/) { ++$YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH})]->[5] + 1900; ++} + + # because the program apps/openssl has object files as sources, and + # they then have the corresponding C files as source, we need to chain diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb index 9ea5c4c81f..50500eebc2 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb 
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb @@ -17,6 +17,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ file://reproducible.patch \ + file://reproducibility.patch \ " SRC_URI_append_class-nativesdk = " \ -- 2.33.1
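Review bot: in the apps/progs.pl hunk, the guard `$ENV{SOURCE_DATE_EPOCH} !~ /\D/` only rejects values that contain a non-digit, so an empty SOURCE_DATE_EPOCH passes the test and is handed to gmtime(), which gives the epoch year instead of the current one. Anchoring the match, `=~ /^\d+$/`, keeps the plain gmtime() fallback for empty and malformed values.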
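Review bot: the SRC_URI hunk adds file://reproducibility.patch directly below the existing file://reproducible.patch, and the two names differ only by suffix and say nothing about what each one fixes. A file name that mentions progs.pl or the generated year would make the entry self-explanatory. The embedded patch is also headed Index: openssl-3.0.1/apps/progs.pl while it is being added to openssl_1.1.1l.bb, so the commit message should say it was checked to apply without fuzz on 1.1.1l.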
[OE-core] [hardknott][PATCH 23/24] webkitgtk: Add reproducibility fix
From: Richard Purdie When the date rolled from one year to another this highlighted a reproducibility issue. This could be better fixed by using SOURCE_DATE_EPOCH from the environment but I'm not sure how you do that in ruby. Help from someone with that knowledge to submit that upstream very welcome. Signed-off-by: Richard Purdie (cherry picked from commit 4d561c98f4d2e68d595aae4b03df1420cb01c3f7) Signed-off-by: Anuj Mittal --- .../webkit/webkitgtk/reproducibility.patch| 22 +++ meta/recipes-sato/webkit/webkitgtk_2.30.5.bb | 1 + 2 files changed, 23 insertions(+) create mode 100644 meta/recipes-sato/webkit/webkitgtk/reproducibility.patch diff --git a/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch b/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch new file mode 100644 index 00..e866a1a193 --- /dev/null +++ b/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch @@ -0,0 +1,22 @@ +Injection a year based on the current date isn't reproducible. Hack this +to a specific year for now for reproducibilty and to avoid autobuilder failures. + +The correct fix would be to use SOURCE_DATE_EPOCH from the environment and +then this could be submitted upstream, sadly my ruby isn't up to that. + +Upstream-Status: Pending [could be reworked] +Signed-off-by: Richard Purdie + +Index: webkitgtk-2.34.2/Source/JavaScriptCore/generator/GeneratedFile.rb +=== +--- webkitgtk-2.34.2.orig/Source/JavaScriptCore/generator/GeneratedFile.rb webkitgtk-2.34.2/Source/JavaScriptCore/generator/GeneratedFile.rb +@@ -25,7 +25,7 @@ require 'date' + require 'digest' + + $LICENSE = <<-EOF +-Copyright (C) #{Date.today.year} Apple Inc. All rights reserved. ++Copyright (C) 2021 Apple Inc. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions diff --git a/meta/recipes-sato/webkit/webkitgtk_2.30.5.bb b/meta/recipes-sato/webkit/webkitgtk_2.30.5.bb index 1fefc75c49..88b5056165 100644 
--- a/meta/recipes-sato/webkit/webkitgtk_2.30.5.bb +++ b/meta/recipes-sato/webkit/webkitgtk_2.30.5.bb @@ -21,6 +21,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ file://0001-Extend-atomics-check-to-include-1-byte-CAS-test.patch \ file://musl-lower-stack-usage.patch \ file://0001-MiniBrowser-Fix-reproduciblity.patch \ + file://reproducibility.patch \ " SRC_URI[sha256sum] = "7d0dab08e3c5ae07bec80b2822ef42e952765d5724cac86eb23999bfed5a7f1f" -- 2.33.1
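Review bot: in the GeneratedFile.rb hunk, replacing `#{Date.today.year}` with the literal 2021 makes the output reproducible but freezes the year in every generated licence header, which the patch header itself describes as a hack. The Ruby side of the SOURCE_DATE_EPOCH approach is a single expression, `Time.at(Integer(ENV.fetch('SOURCE_DATE_EPOCH', Time.now.to_i))).utc.year`, which gives the pinned year when the variable is set and the current UTC year otherwise, and would put the patch in a state that can go upstream. The Index: line names webkitgtk-2.34.2 while the recipe is webkitgtk_2.30.5.bb, so please confirm it applies cleanly to this version.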
[OE-core] [hardknott][PATCH 19/24] binutils: Fix CVE-2021-45078
From: Sundeep KOKKONDA Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=161e87d12167b1e36193385485c1f6ce92f74f02] Signed-off-by: Sundeep KOKKONDA Signed-off-by: Anuj Mittal --- .../binutils/binutils-2.36.inc| 1 + .../binutils/0001-CVE-2021-45078.patch| 255 ++ 2 files changed, 256 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.36.inc b/meta/recipes-devtools/binutils/binutils-2.36.inc index e4fdadc70a..9574ddb6e1 100644 --- a/meta/recipes-devtools/binutils/binutils-2.36.inc +++ b/meta/recipes-devtools/binutils/binutils-2.36.inc @@ -47,5 +47,6 @@ SRC_URI = "\ file://0017-CVE-2021-3530.patch \ file://0018-CVE-2021-3530.patch \ file://0001-CVE-2021-42574.patch \ + file://0001-CVE-2021-45078.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch b/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch new file mode 100644 index 00..f118e2599b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch 
@@ -0,0 +1,255 @@ +From 161e87d12167b1e36193385485c1f6ce92f74f02 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 15 Dec 2021 11:48:42 +1030 +Subject: [PATCH] PR28694, Out-of-bounds write in stab_xcoff_builtin_type + + PR 28694 + * stabs.c (stab_xcoff_builtin_type): Make typenum unsigned. + Negate typenum earlier, simplifying bounds checking. Correct + off-by-one indexing. Adjust switch cases. + + +CVE: CVE-2021-45078 +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=161e87d12167b1e36193385485c1f6ce92f74f02] + +Signed-off-by: Sundeep KOKKONDA +--- + binutils/stabs.c | 87 + 1 file changed, 43 insertions(+), 44 deletions(-) + + +diff --git a/binutils/stabs.c b/binutils/stabs.c +index 274bfb0e7fa..83ee3ea5fa4 100644 +--- a/binutils/stabs.c b/binutils/stabs.c +@@ -202,7 +202,7 @@ static debug_type stab_find_type (void *, struct stab_handle *, const int *); + static bfd_boolean stab_record_type + (void *, struct stab_handle *, const int *, debug_type); + static debug_type stab_xcoff_builtin_type +- (void *, struct stab_handle *, int); ++ (void *, struct stab_handle *, unsigned int); + static debug_type stab_find_tagged_type + (void *, struct stab_handle *, const char *, int, enum debug_type_kind); + static debug_type *stab_demangle_argtypes +@@ -3496,166 +3496,167 @@ stab_record_type (void *dhandle ATTRIBUTE_UNUSED, struct stab_handle *info, + + static debug_type + stab_xcoff_builtin_type (void *dhandle, struct stab_handle *info, +- int typenum) ++ unsigned int typenum) + { + debug_type rettype; + const char *name; + +- if (typenum >= 0 || typenum < -XCOFF_TYPE_COUNT) ++ typenum = -typenum - 1; ++ if (typenum >= XCOFF_TYPE_COUNT) + { +- fprintf (stderr, _("Unrecognized XCOFF type %d\n"), typenum); ++ fprintf (stderr, _("Unrecognized XCOFF type %d\n"), -typenum - 1); + return DEBUG_TYPE_NULL; + } +- if (info->xcoff_types[-typenum] != NULL) +-return info->xcoff_types[-typenum]; ++ if (info->xcoff_types[typenum] != NULL) ++return 
info->xcoff_types[typenum]; + +- switch (-typenum) ++ switch (typenum) + { +-case 1: ++case 0: + /* The size of this and all the other types are fixed, defined +by the debugging format. */ + name = "int"; + rettype = debug_make_int_type (dhandle, 4, FALSE); + break; +-case 2: ++case 1: + name = "char"; + rettype = debug_make_int_type (dhandle, 1, FALSE); + break; +-case 3: ++case 2: + name = "short"; + rettype = debug_make_int_type (dhandle, 2, FALSE); + break; +-case 4: ++case 3: + name = "long"; + rettype = debug_make_int_type (dhandle, 4, FALSE); + break; +-case 5: ++case 4: + name = "unsigned char"; + rettype = debug_make_int_type (dhandle, 1, TRUE); + break; +-case 6: ++case 5: + name = "signed char"; + rettype = debug_make_int_type (dhandle, 1, FALSE); + break; +-case 7: ++case 6: + name = "unsigned short"; + rettype = debug_make_int_type (dhandle, 2, TRUE); + break; +-case 8: ++case 7: + name = "unsigned int"; + rettype = debug_make_int_type (dhandle, 4, TRUE); + break; +-case 9: ++case 8: + name = "unsigned"; + rettype = debug_make_int_type (dhandle, 4, TRUE); + break; +-case 10: ++case 9: + name = "unsigned long"; + rettype = debug_make_int_type (dhandle, 4, TRUE); + break; +-case 11: ++case 10: + name = "void"; + rettype = debug_make_void_type (dhandle); +
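Review bot: in the stab_xcoff_builtin_type hunk, the diagnostic `fprintf (stderr, _("Unrecognized XCOFF type %d\n"), -typenum - 1);` now passes an unsigned int to %d, because typenum became unsigned in this same change. The arithmetic does recover the value the caller passed in, but the argument should be cast to int, or the original value saved before `typenum = -typenum - 1`, so that format and argument types agree. The case labels visible here (0 through 10) are each one less than before, which matches the new zero-based index into info->xcoff_types.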
[OE-core] [hardknott][PATCH 21/24] selftest: skip virgl test on fedora 34 entirely
From: Steve Sakoman Fedora 34 recently updated libdrm to 2.4.109 and this test will fail any time the host has libdrm > 2.4.107 Signed-off-by: Steve Sakoman (cherry picked from commit 1ab7aee542589f6b6c76f8515b4230ce870a8678) Signed-off-by: Anuj Mittal --- meta/lib/oeqa/selftest/cases/runtime_test.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py index 668e978f17..2148e84ff3 100644 --- a/meta/lib/oeqa/selftest/cases/runtime_test.py +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py @@ -187,6 +187,8 @@ class TestImage(OESelftestTestCase): self.skipTest('virgl isn\'t working with Centos 7') if distro and distro == 'centos-8': self.skipTest('virgl isn\'t working with Centos 8') +if distro and distro == 'fedora-34': +self.skipTest('virgl isn\'t working with Fedora 34') if distro and distro == 'opensuseleap-15.0': self.skipTest('virgl isn\'t working with Opensuse 15.0') -- 2.33.1
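Review bot: the check added in the runtime_test.py hunk keys on `distro == 'fedora-34'`, but the commit message gives the real condition as the host having libdrm > 2.4.107. Any other host distribution that picks up a newer libdrm will still run the test and fail, and Fedora 34 stays skipped even if the incompatibility is later fixed. Suggest at least putting the libdrm version in the skipTest() message, and ideally testing the host libdrm version instead of the distro name.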
[OE-core] [hardknott][PATCH 20/24] selftest: skip virgl test on centos 8 entirely
From: Steve Sakoman With the sdl frontend, qemu isn't able to even boot fully, so let's skip the test early. Signed-off-by: Steve Sakoman (cherry picked from commit 74bb94a7d249b5c53f3e1d15688a3a323fc8e828) Signed-off-by: Anuj Mittal --- meta/lib/oeqa/selftest/cases/runtime_test.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py index b20c5b427b..668e978f17 100644 --- a/meta/lib/oeqa/selftest/cases/runtime_test.py +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py @@ -185,6 +185,8 @@ class TestImage(OESelftestTestCase): self.skipTest('virgl isn\'t working with Debian 9') if distro and distro == 'centos-7': self.skipTest('virgl isn\'t working with Centos 7') +if distro and distro == 'centos-8': +self.skipTest('virgl isn\'t working with Centos 8') if distro and distro == 'opensuseleap-15.0': self.skipTest('virgl isn\'t working with Opensuse 15.0') -- 2.33.1
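Review bot: the skip message added in this hunk, 'virgl isn\'t working with Centos 8', drops the reason the commit message gives, namely that qemu with the sdl frontend does not boot fully on that host. Putting that reason in the skipTest() string keeps it visible in test reports. The new lines are also one more copy of the `if distro and distro == ...` pattern already repeated in the surrounding context; a single membership test against a tuple of distro names would be easier to extend.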
[OE-core] [hardknott][PATCH 22/24] xserver-xorg: update CVE_PRODUCT
Some of the CVEs have x_server as the product name. Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie (cherry picked from commit 4d5d63cf8605515bb659b6b732683d7fe6540728) Signed-off-by: Anuj Mittal --- meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index b3e03744c0..497515a04a 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -17,7 +17,7 @@ PE = "2" XORG_PN = "xorg-server" SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2" -CVE_PRODUCT = "xorg-server" +CVE_PRODUCT = "xorg-server x_server" S = "${WORKDIR}/${XORG_PN}-${PV}" -- 2.33.1
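Review bot: in the xserver-xorg.inc hunk, the added product name x_server is generic, and the commit message does not say which CVE entries or which vendor use it, so a reviewer cannot tell whether the new value will also match CVEs filed against unrelated products of the same name. Please name an example CVE in the commit message, and qualify the entry with its vendor if the cve-check class on this branch accepts the vendor:product form.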
[OE-core] [hardknott][PATCH 18/24] xserver-xorg: fix CVE-2021-4011
From: Kai Kang Backport patch to fix CVE-2021-4011 for xserver-xorg. CVE: CVE-2021-4011 Signed-off-by: Kai Kang Signed-off-by: Anuj Mittal --- .../xserver-xorg/CVE-2021-4011.patch | 40 +++ .../xorg-xserver/xserver-xorg_1.20.10.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4011.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4011.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4011.patch new file mode 100644 index 00..c7eb03091d --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4011.patch @@ -0,0 +1,40 @@ +Backport patch to fix CVE-2021-4011. + +CVE: CVE-2021-4011 +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c] + +Signed-off-by: Kai Kang + +From e56f61c79fc3cee26d83cda0f84ae56d5979f768 Mon Sep 17 00:00:00 2001 +From: Povilas Kanapickas +Date: Tue, 14 Dec 2021 15:00:00 +0200 +Subject: [PATCH] record: Fix out of bounds access in SwapCreateRegister() + +ZDI-CAN-14952, CVE-2021-4011 + +This vulnerability was discovered and the fix was suggested by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Povilas Kanapickas +--- + record/record.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/record/record.c b/record/record.c +index be154525d..e123867a7 100644 +--- a/record/record.c b/record/record.c +@@ -2516,8 +2516,8 @@ SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff) + swapl(pClientID); + } + if (stuff->nRanges > +-client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) +-- stuff->nClients) ++(client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) ++- stuff->nClients) / bytes_to_int32(sz_xRecordRange)) + return BadLength; + RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges); + return Success; +-- +GitLab + 
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb index 84b0acb42f..58f1eb328e 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb @@ -12,6 +12,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2021-4008.patch \ file://CVE-2021-4009.patch \ file://CVE-2021-4010.patch \ + file://CVE-2021-4011.patch \ " SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99" -- 2.33.1
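Review bot: in the record/record.c hunk the new bound still starts from `client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) - stuff->nClients`, and the visible context does not show nClients being checked against the remaining request length; if that subtraction can wrap in unsigned arithmetic, the quotient is large and the `stuff->nRanges >` test passes for any value. Confirm that the nClients check sits above this hunk in 1.20.10. Separately, Upstream-Status links the abbreviated commit e56f61c while the full hash e56f61c79fc3cee26d83cda0f84ae56d5979f768 appears a few lines below in the From line; use the full hash in the link.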
[OE-core] [hardknott][PATCH 17/24] xserver-xorg: fix CVE-2021-4010
From: Kai Kang Backport patch to fix CVE-2021-4010 for xserver-xorg. CVE: CVE-2021-4010 Signed-off-by: Kai Kang Signed-off-by: Anuj Mittal --- .../xserver-xorg/CVE-2021-4010.patch | 39 +++ .../xorg-xserver/xserver-xorg_1.20.10.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4010.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4010.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4010.patch new file mode 100644 index 00..06ebe7d077 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4010.patch @@ -0,0 +1,39 @@ +Backport patch to fix CVE-2021-4010. + +CVE: CVE-2021-4010 +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c530] + +Signed-off-by: Kai Kang + +From 6c4c53010772e3cb4cb8acd54950c8eec9c00d21 Mon Sep 17 00:00:00 2001 +From: Povilas Kanapickas +Date: Tue, 14 Dec 2021 15:00:02 +0200 +Subject: [PATCH] Xext: Fix out of bounds access in SProcScreenSaverSuspend() + +ZDI-CAN-14951, CVE-2021-4010 + +This vulnerability was discovered and the fix was suggested by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Povilas Kanapickas +--- + Xext/saver.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Xext/saver.c b/Xext/saver.c +index 1d7e3cadf..f813ba08d 100644 +--- a/Xext/saver.c b/Xext/saver.c +@@ -1351,8 +1351,8 @@ SProcScreenSaverSuspend(ClientPtr client) + REQUEST(xScreenSaverSuspendReq); + + swaps(>length); +-swapl(>suspend); + REQUEST_SIZE_MATCH(xScreenSaverSuspendReq); ++swapl(>suspend); + return ProcScreenSaverSuspend(client); + } + +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb index ac32bb25c2..84b0acb42f 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb 
@@ -11,6 +11,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://0001-hw-xwayland-Makefile.am-fix-build-without-glx.patch \ file://CVE-2021-4008.patch \ file://CVE-2021-4009.patch \ + file://CVE-2021-4010.patch \ " SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99" -- 2.33.1
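Review bot: neither the patch header nor the upstream subject says what was read out of bounds; in the Xext/saver.c hunk the defect is that the `swapl` of the suspend field ran before `REQUEST_SIZE_MATCH(xScreenSaverSuspendReq)` had validated the request length. A one-line statement of that ordering in the header of CVE-2021-4010.patch would let the backport be audited without opening the upstream commit. The Upstream-Status link also uses the short hash 6c4c530 although the full hash is present in the From line.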
[OE-core] [hardknott][PATCH 16/24] xserver-xorg: fix CVE-2021-4009
From: Kai Kang Backport patch to fix CVE-2021-4009 for xserver-xorg. CVE: CVE-2021-4009 Signed-off-by: Kai Kang Signed-off-by: Anuj Mittal --- .../xserver-xorg/CVE-2021-4009.patch | 50 +++ .../xorg-xserver/xserver-xorg_1.20.10.bb | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4009.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4009.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4009.patch new file mode 100644 index 00..ddfbb43ee4 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4009.patch 
@@ -0,0 +1,50 @@ +Backport patch to fix CVE-2021-4009. + +CVE: CVE-2021-4009 +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b519675] + +Signed-off-by: Kai Kang + +From b5196750099ae6ae582e1f46bd0a6dad29550e02 Mon Sep 17 00:00:00 2001 +From: Povilas Kanapickas +Date: Tue, 14 Dec 2021 15:00:01 +0200 +Subject: [PATCH] xfixes: Fix out of bounds access in + *ProcXFixesCreatePointerBarrier() + +ZDI-CAN-14950, CVE-2021-4009 + +This vulnerability was discovered and the fix was suggested by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Povilas Kanapickas +--- + xfixes/cursor.c | 6 -- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/xfixes/cursor.c b/xfixes/cursor.c +index 60580b88f..c5d4554b2 100644 +--- a/xfixes/cursor.c b/xfixes/cursor.c +@@ -1010,7 +1010,8 @@ ProcXFixesCreatePointerBarrier(ClientPtr client) + { + REQUEST(xXFixesCreatePointerBarrierReq); + +-REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, pad_to_int32(stuff->num_devices)); ++REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, ++ pad_to_int32(stuff->num_devices * sizeof(CARD16))); + LEGAL_NEW_RESOURCE(stuff->barrier, client); + + return XICreatePointerBarrier(client, stuff); +@@ -1027,7 +1028,8 @@ SProcXFixesCreatePointerBarrier(ClientPtr client) + + swaps(>length); + swaps(>num_devices); +-REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, pad_to_int32(stuff->num_devices)); ++REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, ++ pad_to_int32(stuff->num_devices * sizeof(CARD16))); + + swapl(>barrier); + swapl(>window); +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb index 9a7aa1ed9a..ac32bb25c2 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb 
@@ -10,6 +10,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2021-3472.patch \ file://0001-hw-xwayland-Makefile.am-fix-build-without-glx.patch \ file://CVE-2021-4008.patch \ + file://CVE-2021-4009.patch \ " SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99" -- 2.33.1
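Review bot: the size expression `pad_to_int32(stuff->num_devices * sizeof(CARD16))` now appears twice in xfixes/cursor.c, once in ProcXFixesCreatePointerBarrier() and once in SProcXFixesCreatePointerBarrier(), and the bug being fixed was this same expression counting entries instead of bytes. A short comment at the call sites stating that the request is followed by num_devices CARD16 entries would document why the multiplication is needed and keep the two copies from drifting again. In the swapped variant the check comes after `num_devices` is byte-swapped and before the barrier and window fields are touched, which is the right order. As this is a backport, the comment belongs upstream rather than as a local divergence.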
[OE-core] [hardknott][PATCH 15/24] xserver-xorg: fix CVE-2021-4008
From: Kai Kang Backport patch to fix CVE-2021-4008 for xserver-xorg. CVE: CVE-2021-4008 Signed-off-by: Kai Kang Signed-off-by: Anuj Mittal --- .../xserver-xorg/CVE-2021-4008.patch | 59 +++ .../xorg-xserver/xserver-xorg_1.20.10.bb | 1 + 2 files changed, 60 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4008.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4008.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4008.patch new file mode 100644 index 00..3277be0185 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4008.patch 
@@ -0,0 +1,59 @@ +Backport patch to fix CVE-2021-4008. + +CVE: CVE-2021-4008 +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2] + +Signed-off-by: Kai Kang + +From ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60 Mon Sep 17 00:00:00 2001 +From: Povilas Kanapickas +Date: Tue, 14 Dec 2021 15:00:03 +0200 +Subject: [PATCH] render: Fix out of bounds access in + SProcRenderCompositeGlyphs() + +ZDI-CAN-14192, CVE-2021-4008 + +This vulnerability was discovered and the fix was suggested by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Povilas Kanapickas +--- + render/render.c | 9 + + 1 file changed, 9 insertions(+) + +diff --git a/render/render.c b/render/render.c +index c376090ca..456f156d4 100644 +--- a/render/render.c b/render/render.c +@@ -2309,6 +2309,9 @@ SProcRenderCompositeGlyphs(ClientPtr client) + + i = elt->len; + if (i == 0xff) { ++if (buffer + 4 > end) { ++return BadLength; ++} + swapl((int *) buffer); + buffer += 4; + } +@@ -2319,12 +2322,18 @@ SProcRenderCompositeGlyphs(ClientPtr client) + buffer += i; + break; + case 2: ++if (buffer + i * 2 > end) { ++return BadLength; ++} + while (i--) { + swaps((short *) buffer); + buffer += 2; + } + break; + case 4: ++if (buffer + i * 4 > end) { ++return BadLength; ++} + while (i--) { + swapl((int *) buffer); + buffer += 4; +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb index e0551fa999..9a7aa1ed9a 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb 
@@ -9,6 +9,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://0001-Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch \ file://CVE-2021-3472.patch \ file://0001-hw-xwayland-Makefile.am-fix-build-without-glx.patch \ + file://CVE-2021-4008.patch \ " SRC_URI[sha256sum] = "977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99" -- 2.33.1
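Review bot: the checks added to SProcRenderCompositeGlyphs() are written as `buffer + i * 2 > end` and `buffer + i * 4 > end`, which forms a pointer past the end of the request before comparing it; comparing lengths instead, for example `i * 4 > end - buffer`, gives the same result without relying on out-of-range pointer arithmetic. The branch just before `case 2:` advances with `buffer += i` and has no check of its own; nothing is dereferenced there, but confirm that the enclosing loop, which is outside the visible context, re-tests `buffer` against `end` before the next element is read. Since the patch is a backport of ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60, both points are for upstream and the local copy should stay identical to it.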
[OE-core] [hardknott][PATCH 14/24] linux-yocto/5.4: update to v5.4.167
From: Bruce Ashfield Updating linux-yocto/5.4 to the latest korg -stable release that comprises the following commits: e8ef940326ef Linux 5.4.167 c97579584fa8 arm: ioremap: don't abuse pfn_valid() to check if pfn is in RAM 6026d4032dbb arm: extend pfn_valid to take into account freed memory map alignment 492f4d3cde95 memblock: ensure there is no overflow in memblock_overlaps_region() bdca964781a0 memblock: align freed memory map on pageblock boundaries with SPARSEMEM 60111b30be0b memblock: free_unused_memmap: use pageblock units instead of MAX_ORDER 3e8e272805e7 hwmon: (dell-smm) Fix warning on /proc/i8k creation error f6f1d1911492 bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc b06b1f46306a selinux: fix race condition when computing ocontext SIDs 2fb8e4267c47 KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req 467359957ad2 tracing: Fix a kmemleak false positive in tracing_map fb8cd2b336e4 drm/amd/display: add connector type check for CRC source set 8fc2f28e3348 drm/amd/display: Fix for the no Audio bug with Tiled Displays c0315e93552e net: netlink: af_netlink: Prevent empty skb by adding a check on len. 7ff666e6fdc0 i2c: rk3x: Handle a spurious start completion interrupt flag 409ecd029ac5 parisc/agp: Annotate parisc agp init functions with __init 4233fbd459ac net/mlx4_en: Update reported link modes for 1/10G b6158d968b3e drm/msm/dsi: set default num_data_lanes d731ecc6f2ea nfc: fix segfault in nfc_genl_dump_devices_done c32c40ff8092 Linux 5.4.166 eb1b5eaaddec netfilter: selftest: conntrack_vrf.sh: fix file permission Signed-off-by: Bruce Ashfield Signed-off-by: Steve Sakoman (cherry picked from commit ebfe803e9545b862416e3a647c7a5e19e9c6acbd) Signed-off-by: Anuj Mittal --- .../linux/linux-yocto-rt_5.4.bb | 6 ++--- .../linux/linux-yocto-tiny_5.4.bb | 8 +++ meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-- 3 files changed, 18 insertions(+), 18 deletions(-) 
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index f4b3aa114a..8922c0622d 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "6a419217887717ae815e47990c4f50540e4486f0" -SRCREV_meta ?= "c9027edfa2919e0148ba12d56afa7c5a797aad10" +SRCREV_machine ?= "2bddc20729f986e46ba5b802fa6ce8716ee34506" +SRCREV_meta ?= "ff304dbaec03398dc510602800b19d28b7c82927" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.165" +LINUX_VERSION ?= "5.4.167" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index 0f97913ebf..a2db551ccb 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.165" +LINUX_VERSION ?= "5.4.167" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" 
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "de76f2a485fb6c73e3978b0138f756afb22e4db4" -SRCREV_machine ?= "74fb33c678e2cf4cfbf9c6aa3e1fe6b019d10a5e" -SRCREV_meta ?= "c9027edfa2919e0148ba12d56afa7c5a797aad10" +SRCREV_machine_qemuarm ?= "e8825a1df3d08af26acf8fc2ddb140c40aa233f4" +SRCREV_machine ?= "b9dbced11f660908cec12d5e1339bbff0ac28d59" +SRCREV_meta ?= "ff304dbaec03398dc510602800b19d28b7c82927" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 2b0466789e..78479b37e7 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb @@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "abbd99315753c7f8bde10fb6ac5b31d5ab7cdcd6" -SRCREV_machine_qemuarm64 ?= "ab4c88e094069467cdb4e7d7bbac303e5039bc9f" -SRCREV_machine_qemumips ?= "b52f600f9157b8107e5318d61f43007efb99c02c" -SRCREV_machine_qemuppc ?= "5b3b062a7c87b3265274da81dcf675596b90d65b" -SRCREV_machine_qemuriscv64 ?= "c232ad04fa15d324714799b90b9c4810a5dbe1bc" -SRCREV_machine_qemux86 ?= "c232ad04fa15d324714799b90b9c4810a5dbe1bc" -SRCREV_machine_qemux86-64 ?=
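Review bot: the linux-yocto_5.4.bb hunk is cut off on this page after `SRCREV_machine_qemux86-64 ?=`, so the new SRCREV_meta and LINUX_VERSION for the standard recipe cannot be compared with the other two. linux-yocto-rt and linux-yocto-tiny both move to SRCREV_meta ff304dbaec03398dc510602800b19d28b7c82927 and LINUX_VERSION 5.4.167, and the standard recipe should carry the same pair. The shortlog covers Linux 5.4.166 and Linux 5.4.167, which matches the jump from 5.4.165 in the visible hunks.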
[OE-core] [hardknott][PATCH 13/24] linux-yocto/5.4: update to v5.4.165
From: Bruce Ashfield Updating linux-yocto/5.4 to the latest korg -stable release that comprises the following commits: 7f70428f0109 Linux 5.4.165 3a99b4baff3c bpf: Add selftests to cover packet access corner cases b8a2c49aa956 misc: fastrpc: fix improper packet size calculation 8f9a25e452f8 irqchip: nvic: Fix offset for Interrupt Priority Offsets 61981e5fee6d irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL fc20091b3f97 irqchip/armada-370-xp: Fix support for Multi-MSI interrupts a3689e694b39 irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() 8c163a142771 iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove 20f0fb418b6c iio: ad7768-1: Call iio_trigger_notify_done() on error b68f44829b73 iio: adc: axp20x_adc: fix charging current reporting on AXP22x e79d86de1e96 iio: at91-sama5d2: Fix incorrect sign extension 5f3d932f91cb iio: dln2: Check return value of devm_iio_trigger_register() 7447f0450825 iio: dln2-adc: Fix lockdep complaint 4c0fa7ed5a3a iio: itg3200: Call iio_trigger_notify_done() on error e67d60c5ebb0 iio: kxsd9: Don't return error code in trigger handler f143cfdccfc9 iio: ltr501: Don't return error code in trigger handler acf0088ac073 iio: mma8452: Fix trigger reference couting 02553e971255 iio: stk3310: Don't return error code in interrupt handler 1374297ccf61 iio: trigger: stm32-timer: fix MODULE_ALIAS 1dadba28a829 iio: trigger: Fix reference counting ec0cddcc2454 xhci: avoid race between disable slot command and host runtime suspend 8d45969ca31a usb: core: config: using bit mask instead of individual bits d1eee0a3936f xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending d2f242d7a9ce usb: core: config: fix validation of wMaxPacketValue entries 9978777c5409 USB: gadget: zero allocate endpoint 0 buffers fd6de5a0cd42 USB: gadget: detect too-big endpoint 0 requests 46d3477cdef3 selftests/fib_tests: Rework fib_rp_filter_test() caff29d1129c net/qla3xxx: fix an error code in 
ql_adapter_up() 4aa28ac9373c net, neigh: clear whole pneigh_entry at alloc time f23f60e81af2 net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() 05bc4d266eaf net: altera: set a couple error code in probe() 84a890d6959e net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero e9ca63a07dd3 tools build: Remove needless libpython-version feature check that breaks test-all fast path 49e59d514408 dt-bindings: net: Reintroduce PHY no lane swap binding b78a27fa58cc mtd: rawnand: fsmc: Fix timing computation 7596d0deec7f mtd: rawnand: fsmc: Take instruction delay into account 9f88ca269c41 i40e: Fix pre-set max number of queues for VF 171527da8414 i40e: Fix failed opcode appearing if handling messages from VF ee8bfa62bf79 ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer 43dcb79c1d9b qede: validate non LSO skb length 727858a98ac9 block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) 9ba5635cfad7 tracefs: Set all files to the same group ownership as the mount option 4105e6a128e8 aio: fix use-after-free due to missing POLLFREE handling 380185111fa8 aio: keep poll requests on waitqueue until completed aac8151624b6 signalfd: use wake_up_pollfree() 1a478a0522e5 binder: use wake_up_pollfree() e0c03d15cd03 wait: add wake_up_pollfree() 6db0db1657cb libata: add horkage for ASMedia 1092 050ac9da6768 x86/sme: Explicitly map new EFI memmap table as encrypted 9f5b334ee654 can: m_can: Disable and ignore ELO interrupt abb4eff3dcd2 can: pch_can: pch_can_rx_normal: fix use after free 291a164ac1f3 drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence. 
f53b73953ff8 clk: qcom: regmap-mux: fix parent clock lookup e871f89ebfe2 tracefs: Have new files inherit the ownership of their parent f5734b1714ca nfsd: Fix nsfd startup race (again) 412498e9e54b btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling aa4740bc8595 btrfs: clear extent buffer uptodate when we fail to write it 434927e938ce ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() 76f19e4cbb54 ALSA: pcm: oss: Limit the period size to 16MB f12c8a7515f6 ALSA: pcm: oss: Fix negative period/buffer sizes 5b06fa0cd2be ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform caaea6bd3e18 ALSA: ctl: Fix copy of updated id with element read/write a7ea5c099ad4 mm: bdi: initialize bdi_min_ratio when bdi is unregistered b8a79804056b IB/hfi1: Correct guard on eager buffer deallocation ab1be91cf1ec iavf: Fix reporting when setting descriptor count c21bb711d0fb iavf: restore MSI state on reset c8ae8c812e16 udp: using datalen to cap max gso segments ef8804e47c0a seg6: fix the iif in the IPv6 socket control block 2e0e072e62fd nfp: Fix memory leak in nfp_cpp_area_cache_add() 3db6482523ea bonding: make tx_rebalance_counter an atomic 143ceb9b6736 ice: ignore dropped packets during init 4174bd4221c2 bpf: Fix the off-by-two error in range markings 15f987473d33 vrf: don't run conntrack on vrf with !dflt qdisc 8d3563ecbca3
[OE-core] [hardknott][PATCH 12/24] linux-yocto/5.4: update to v5.4.163
From: Bruce Ashfield Updating linux-yocto/5.4 to the latest korg -stable release that comprises the following commits: 57899c4e26bf Linux 5.4.163 6c728efe164f tty: hvc: replace BUG_ON() with negative return value c3024e1945fe xen/netfront: don't trust the backend response data blindly 828b1d3861a1 xen/netfront: disentangle tx_skb_freelist 5b757077dacd xen/netfront: don't read data from request on the ring page 5c374d830e1b xen/netfront: read response from backend only once 3456a07614b1 xen/blkfront: don't trust the backend response data blindly 6392f51a9d2e xen/blkfront: don't take local copy of a request from the ring page ce011335cb42 xen/blkfront: read response from backend only once 61826a7884cb xen: sync include/xen/interface/io/ring.h with Xen's newest version 54f682cd4849 fuse: release pipe buf after last use eff32973ecc3 NFC: add NCI_UNREG flag to eliminate the race 43788453983e shm: extend forced shm destroy to support objects from several IPC nses b23c0c4c9e0a s390/mm: validate VMA in PGSTE manipulation functions 3c9a213e0edb tracing: Check pid filtering when creating events dda227cccf14 vhost/vsock: fix incorrect used length reported to the guest 2eacc0acf6ea smb3: do not error on fsync when readonly 51be334da375 f2fs: set SBI_NEED_FSCK flag when inconsistent node block found 3ceecea047c2 net: mscc: ocelot: correctly report the timestamping RX filters in ethtool ee4e3f9d3dd7 net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP 0ea2e5497b8c net: hns3: fix VF RSS failed problem after PF enable multi-TCs 3b961640399b net/smc: Don't call clcsock shutdown twice when smc shutdown 5e44178864b3 net: vlan: fix underflow for the real_dev refcnt 296139e1de16 MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 9f5838471aed igb: fix netpoll exit with traffic 25980820c4f0 nvmet: use IOCB_NOWAIT only if the filesystem supports it d54662a91faa tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows 562fe6a6d2c5 
PM: hibernate: use correct mode for swsusp_close() 2654e6cfc483 net/ncsi : Add payload to be 32-bit aligned to fix dropped packets 080f6b694ef1 nvmet-tcp: fix incomplete data digest send 6c0ab2caa8d1 net/smc: Ensure the active closing peer first closes clcsock 7854de57be29 scsi: core: sysfs: Fix setting device state to SDEV_RUNNING 67a6f64a0c84 net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group cca61bb17042 net: ipv6: add fib6_nh_release_dsts stub ddd0518c1e09 nfp: checking parameter process for rx-usecs/tx-usecs is invalid b638eb32c64d ipv6: fix typos in __ip6_finish_output() 8029ced6d775 iavf: Prevent changing static ITR values if adaptive moderation is on 4374e414fcbf drm/vc4: fix error code in vc4_create_object() 7e324f734a91 scsi: mpt3sas: Fix kernel panic during drive powercycle test dc9eb93d5a0a ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE a078967dd34b NFSv42: Don't fail clone() unless the OP_CLONE operation failed ce50e97a06bd firmware: arm_scmi: pm: Propagate return value to caller 7360abf31ce0 net: ieee802154: handle iftypes as u32 4421a196fdaf ASoC: topology: Add missing rwsem around snd_ctl_remove() calls 76867d0cb83f ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer a848a22e9434 ARM: dts: BCM5301X: Add interrupt properties to GPIO node 03f7379e2c69 ARM: dts: BCM5301X: Fix I2C controller interrupt 17a763eab714 netfilter: ipvs: Fix reuse connection if RS weight is 0 fd7974c547ab proc/vmcore: fix clearing user buffer by properly using clear_user() 66d6eacba7a6 arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function 3a4baf070c6a pinctrl: armada-37xx: Correct PWM pins definitions 086226048bcd PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge 7c517d7b8898 PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge 44b2776a9307 PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge bbc6201152fb PCI: aardvark: Fix link training 3d770a20950b PCI: aardvark: Simplify 
initialization of rootcap on virtual bridge a06ace0d317d PCI: aardvark: Implement re-issuing config requests on CRS response 75faadcc3a0e PCI: aardvark: Fix PCIe Max Payload Size setting c697885a1281 PCI: aardvark: Configure PCIe resources from 'ranges' DT property e3c51ac70aae PCI: pci-bridge-emul: Fix array overruns, improve safety ea6eef03dafb PCI: aardvark: Update comment about disabling link training fe8a8c3a408e PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() 14311e77c93e PCI: aardvark: Fix compilation on s390 93491c5d26f7 PCI: aardvark: Don't touch PCIe registers if no card connected 8b0f7b8b7839 PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros e090b2e2708e PCI: aardvark: Issue PERST via GPIO 0ad291db2d01 PCI: aardvark: Improve link training 063a98c00528 PCI: aardvark: Train link immediately after enabling training bbe213fd12fb PCI: aardvark: Fix big endian support 5551081d845e PCI: aardvark: Wait for endpoint to be ready
[OE-core] [hardknott][PATCH 11/24] linux-yocto/5.4: update to v5.4.162
From: Bruce Ashfield Updating linux-yocto/5.4 to the latest korg -stable release that comprises the following commits: 9334f48f5673 Linux 5.4.162 46a8e16fcf2c ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() 293385739d68 ALSA: hda: hdac_ext_stream: fix potential locking issues 201340ca4eb7 hugetlbfs: flush TLBs correctly after huge_pmd_unshare e7891b22b251 tlb: mmu_gather: add tlb_flush_*_range APIs 10e34766d8ac ice: Delete always true check of PF pointer 101485e566ce usb: max-3421: Use driver data instead of maintaining a list of bound devices 4e1b3e718f24 ASoC: DAPM: Cover regression by kctl change notification fix 56a32c82761a batman-adv: Don't always reallocate the fragmentation skb head 08bceb1e30c2 batman-adv: Reserve needed_*room for fragments 374c55d416ab batman-adv: Consider fragmentation for needed_headroom 9eff9854f82d perf/core: Avoid put_page() when GUP fails e0122ea133cd Revert "net: mvpp2: disable force link UP during port init procedure" 4efa2509d3aa drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors c0276de0be48 drm/i915/dp: Ensure sink rate values are always valid 1c4af56ffbfb drm/nouveau: use drm_dev_unplug() during device removal 9e98622aa508 drm/udl: fix control-message timeout 52affc201fc2 cfg80211: call cfg80211_stop_ap when switch from P2P_GO type ca9834a1148b parisc/sticon: fix reverse colors 670f6b3867c8 btrfs: fix memory ordering between normal and ordered work functions 1c3882215946 udf: Fix crash after seekdir f79957d274b0 s390/kexec: fix memory leak of ipl report buffer b0e44dfb4e4c x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails f2e0cd42f198 mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag 95de3703a1d0 ipc: WARN if trying to remove ipc object which is absent 8997bb6d1ecc hexagon: export raw I/O routines for modules 01a7ecd36d1e tun: fix bonding active backup with arp monitoring 7c8f778f0a3a arm64: vdso32: suppress error message for 
'make mrproper' e636f65b3d8f s390/kexec: fix return code handling cc093e5a966d perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server cc63a789d80d perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server 47a810817823 KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() 307d2e6cebfc NFC: reorder the logic in nfc_{un,}register_device da3a87eeb990 drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame e418bb556ff8 NFC: reorganize the functions in nci_request bbb8376d58ac i40e: Fix display error code in dmesg 69e5d27af579 i40e: Fix creation of first queue by omitting it if is not power of two 5564e9129f1f i40e: Fix ping is lost after configuring ADq on VF 8509178dc001 i40e: Fix changing previously set num_queue_pairs for PFs c30162da9132 i40e: Fix NULL ptr dereference on VSI filter sync 0a0308af22a5 i40e: Fix correct max_pkt_size on VF RX queue fb2dbc124a7f net: virtio_net_hdr_to_skb: count transport header in UFO d74ff10ed2d9 net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove 8b2c66b0f2a0 net: sched: act_mirred: drop dst for the direction from egress to ingress edd783162bf2 scsi: core: sysfs: Fix hang when device state is set via sysfs 446882f216ac platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' 453b5b614b93 mips: lantiq: add support for clk_get_parent() 477653f3e4e4 mips: bcm63xx: add support for clk_get_parent() 426fed211b49 MIPS: generic/yamon-dt: fix uninitialized variable error 67334abd4fb7 iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset 98f3badc414f iavf: validate pointers 92cecf349121 iavf: prevent accidental free of filter structure 63f032a956ed iavf: Fix failure to exit out from last all-multicast mode 926e8c83d4c1 iavf: free q_vectors before queues in iavf_disable_vf f0222e7eee0c iavf: check for null in iavf_fix_features b5638bc64a69 net: bnx2x: fix variable dereferenced before check fbba0692ec4b perf tests: Remove bash construct from 
record+zstd_comp_decomp.sh 9e0df711f8db perf bench futex: Fix memory leak of perf_cpu_map__new() 642fc22210a5 perf bpf: Avoid memory leak from perf_env__insert_btf() 6bf5523090a7 RDMA/netlink: Add __maybe_unused to static inline in C file ef82c3716a5a tracing/histogram: Do not copy the fixed-size char array field over the field size 80b777606925 tracing: Save normal string variables 8928e31a776a sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() a93a58bae950 mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set 05311b9192be clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk ee1317e1f4b0 clk/ast2600: Fix soc revision for AHB d6c32b4c83f6 clk: ingenic: Fix bugs with divided dividers 982d31ba5533 sh: define __BIG_ENDIAN for math-emu 214cd15d3675 sh: math-emu: drop unused functions 3d774e776f68 sh: fix kconfig unmet dependency warning for FRAME_POINTER 7727659e45f8 f2fs: fix up f2fs_lookup tracepoints d7c612f6b1f3 maple: fix wrong return value of
[OE-core] [hardknott][PATCH 10/24] linux-yocto/5.4: update to v5.4.159
From: Bruce Ashfield Updating linux-yocto/5.4 to the latest korg -stable release that comprises the following commits: 5915b0ea6746 Linux 5.4.159 abc49cc45d0a rsi: fix control-message timeout 64e6632ab4c1 media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init 6c382b63658e staging: rtl8192u: fix control-message timeouts f66258cb60e4 staging: r8712u: fix control-message timeout 88a252ff782c comedi: vmk80xx: fix bulk and interrupt message timeouts 1ae4715121a5 comedi: vmk80xx: fix bulk-buffer overflow 199acd8c110e comedi: vmk80xx: fix transfer-buffer overflows b0156b7c9649 comedi: ni_usb6501: fix NULL-deref in command paths 3efb7af8ac43 comedi: dt9812: fix DMA buffers on stack 6e80e9314f8b isofs: Fix out of bound access for corrupted isofs image adc56dbfc4aa printk/console: Allow to disable console output by using console="" or console=null 589ac131b3ab binder: don't detect sender/target during buffer cleanup b60e89b63eb9 usb-storage: Add compatibility quirk flags for iODD 2531/2541 5c3eba290479 usb: musb: Balance list entry in musb_gadget_queue 161571745de1 usb: gadget: Mark USB_FSL_QE broken on 64-bit d6013265a779 usb: ehci: handshake CMD_RUN instead of STS_HALT 6d000e1c1625 Revert "x86/kvm: fix vcpu-id indexed array sizes" Signed-off-by: Bruce Ashfield Signed-off-by: Steve Sakoman (cherry picked from commit 9c37c738a645b472175b93431deb47b47a1442e7) Signed-off-by: Anuj Mittal --- .../linux/linux-yocto-rt_5.4.bb | 6 ++--- .../linux/linux-yocto-tiny_5.4.bb | 8 +++ meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index 6646315c0d..6db06b6281 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb 
@@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "1a91fd560dcf8fa9e49fc2f17cb37483201a2b89" -SRCREV_meta ?= "db8bfc3a107db2a059fb8efa442f7daa17e8d55c" +SRCREV_machine ?= "e0b42b387dce06a55169f213efd8796912778abc" +SRCREV_meta ?= "8feda7148db44cfaa3bcce84b7fda6dcedbfd443" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.158" +LINUX_VERSION ?= "5.4.159" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index 836ea62d8f..f217718c7b 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.158" +LINUX_VERSION ?= "5.4.159" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "9b7cd001c33ea463bbb23fda6a79900ffc88c484" -SRCREV_machine ?= "80849cd7ef3a77895f8651cec85648578bef9135" -SRCREV_meta ?= "db8bfc3a107db2a059fb8efa442f7daa17e8d55c" +SRCREV_machine_qemuarm ?= "7062d2dd2f5e5e7a07616accce62ddc5abb7b570" +SRCREV_machine ?= "2494d7c8a13b2ce2a41c7bbc8276b5f4f6e61ac1" +SRCREV_meta ?= "8feda7148db44cfaa3bcce84b7fda6dcedbfd443" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 41d1e593aa..85f5eb2549 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb 
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb @@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "414c50525aea1ec953cca6d050d5c23db04de269" -SRCREV_machine_qemuarm64 ?= "ba5e3380aa8a3789907c031beac2ce81d1eb5d50" -SRCREV_machine_qemumips ?= "177841cfef0bd71b7b4f0e2e8e2ea3100ee4ea7a" -SRCREV_machine_qemuppc ?= "c3b4b69caef59344d4a59a2327f9f0130db9ccbe" -SRCREV_machine_qemuriscv64 ?= "76404f1ae59698b6a446dba29c885ca78c69c330" -SRCREV_machine_qemux86 ?= "76404f1ae59698b6a446dba29c885ca78c69c330" -SRCREV_machine_qemux86-64 ?= "76404f1ae59698b6a446dba29c885ca78c69c330" -SRCREV_machine_qemumips64 ?= "75a3c9aeedd5a8070079d96d0301a303ca3351a8" -SRCREV_machine ?= "76404f1ae59698b6a446dba29c885ca78c69c330" -SRCREV_meta ?= "db8bfc3a107db2a059fb8efa442f7daa17e8d55c" +SRCREV_machine_qemuarm ?=
[OE-core] [hardknott][PATCH 09/24] linux-yocto/5.10: update to v5.10.87
From: Bruce Ashfield Updating linux-yocto/5.10 to the latest korg -stable release that comprises the following commits: 272aedd4a305 Linux 5.10.87 8dd559d53b3b arm: ioremap: don't abuse pfn_valid() to check if pfn is in RAM 65c578935bcc arm: extend pfn_valid to take into account freed memory map alignment 6e634c0e7155 memblock: ensure there is no overflow in memblock_overlaps_region() 74551f13c62f memblock: align freed memory map on pageblock boundaries with SPARSEMEM b4b54c7ba149 memblock: free_unused_memmap: use pageblock units instead of MAX_ORDER b6a1cbd187fc perf intel-pt: Fix error timestamp setting on the decoder error path 0612aa02c2c8 perf intel-pt: Fix missing 'instruction' events with 'q' option 71c795028b31 perf intel-pt: Fix next 'err' value, walking trace 02681dd1780a perf intel-pt: Fix state setting when receiving overflow (OVF) packet cbed09b44ce0 perf intel-pt: Fix intel_pt_fup_event() assumptions about setting state type 3bb7fd4be8c4 perf intel-pt: Fix sync state when a PSB (synchronization) packet is found 731ff7884138 perf intel-pt: Fix some PGE (packet generation enable/control flow packets) usage b23f9252a41d perf inject: Fix itrace space allowed for new attributes 7c26da3be1e9 ethtool: do not perform operations on net devices being unregistered 6992d8c215c8 hwmon: (dell-smm) Fix warning on /proc/i8k creation error c31470a30c0d fuse: make sure reclaim doesn't write the inode 613725436e69 bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc 9099f3512678 staging: most: dim2: use device release method ac76adc87a78 KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req 6f0d9d3e74dc tracing: Fix a kmemleak false positive in tracing_map f35f7f04aa80 drm/amd/display: add connector type check for CRC source set dd3cea342522 drm/amd/display: Fix for the no Audio bug with Tiled Displays dadce61247c6 net: netlink: af_netlink: Prevent empty skb by adding a check on len. 
bca6af4325d6 i2c: rk3x: Handle a spurious start completion interrupt flag d6edec8a7b55 parisc/agp: Annotate parisc agp init functions with __init cf520ccffd9a ALSA: hda/hdmi: fix HDA codec entry table order for ADL-P 701a07fd0274 ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid 6d22a96d12d7 net/mlx4_en: Update reported link modes for 1/10G 999069d8b040 Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP" 27f4ce02b31a s390/test_unwind: use raw opcode instead of invalid instruction 9eab949e2b90 KVM: arm64: Save PSTATE early on exit 990fd815ec88 drm/msm/dsi: set default num_data_lanes c602863ad28e nfc: fix segfault in nfc_genl_dump_devices_done 37050f17f2d2 Linux 5.10.86 32414491834c netfilter: selftest: conntrack_vrf.sh: fix file permission Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 41e6433af247105b9430d5fe2ef3e32624d6ed76) Signed-off-by: Anuj Mittal --- .../linux/linux-yocto-rt_5.10.bb | 6 ++--- .../linux/linux-yocto-tiny_5.10.bb| 8 +++ meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +-- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 76832251b7..6a1f48bbb0 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb 
@@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "97b3d2f0923ab9e9a9eb47c284006cddb0156146" -SRCREV_meta ?= "be7b73b2c0e453724d18520ae165b5d474735578" +SRCREV_machine ?= "d6b1cc83a5315388b060eaa6195f1ce77103c3d1" +SRCREV_meta ?= "1ab943530f4016a9ee7bd8fc3d10acf702c23c44" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.85" +LINUX_VERSION ?= "5.10.87" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 0071c60c75..38c01b78b2 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.85" +LINUX_VERSION ?= "5.10.87" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "615408bf1ba1cbc40750334329f97ea2b56e3d63" -SRCREV_machine ?= "3bd3c6de33c2efcef6feaa0f2624e8adc900bda7" -SRCREV_meta ?=
[OE-core] [hardknott][PATCH 08/24] linux-yocto/5.10: update to v5.10.85
From: Bruce Ashfield Updating linux-yocto/5.10 to the latest korg -stable release that comprises the following commits: e4f2aee6612e Linux 5.10.85 47301c06f602 Documentation/Kbuild: Remove references to gcc-plugin.sh af5ba49cf705 MAINTAINERS: adjust GCC PLUGINS after gcc-plugin.sh removal ad13421fd2cd doc: gcc-plugins: update gcc-plugins.rst 9fc17c3af56c kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc d428e5477493 bpf: Add selftests to cover packet access corner cases 0ec0eda3f3c3 misc: fastrpc: fix improper packet size calculation 261d45a4c254 irqchip: nvic: Fix offset for Interrupt Priority Offsets cd946f0ebe78 irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL e1c6611f822e irqchip/armada-370-xp: Fix support for Multi-MSI interrupts 8f3ed9deaaac irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() d530e9943d64 irqchip/aspeed-scu: Replace update_bits with write_bits. 014c2fa5dc49 csky: fix typo of fpu config macro ee86d0bad80b iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove c10c53419d8d iio: ad7768-1: Call iio_trigger_notify_done() on error 0f86c9e818e7 iio: adc: axp20x_adc: fix charging current reporting on AXP22x af7fbb8c0b54 iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda fff92f3712d7 iio: at91-sama5d2: Fix incorrect sign extension a2545b147d23 iio: dln2: Check return value of devm_iio_trigger_register() 69ae78c1abe7 iio: dln2-adc: Fix lockdep complaint 416383999c66 iio: itg3200: Call iio_trigger_notify_done() on error bc4d8367ed0d iio: kxsd9: Don't return error code in trigger handler 28ea539a311e iio: ltr501: Don't return error code in trigger handler db12d9508536 iio: mma8452: Fix trigger reference couting 4e7852911084 iio: stk3310: Don't return error code in interrupt handler 5c4a0f307f2b iio: trigger: stm32-timer: fix MODULE_ALIAS 5de9c5b13062 iio: trigger: Fix reference counting cbc04c0c9a67 iio: gyro: adxrs290: fix data signedness fee8be5bde56 xhci: avoid race 
between disable slot command and host runtime suspend 1b43c9b65f6b usb: core: config: using bit mask instead of individual bits 74b6a6a239aa xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending ef284f086dd0 usb: core: config: fix validation of wMaxPacketValue entries e4de8ca013f0 USB: gadget: zero allocate endpoint 0 buffers 7193ad3e50e5 USB: gadget: detect too-big endpoint 0 requests 63fc70bffa16 selftests/fib_tests: Rework fib_rp_filter_test() 126d1897cbff net/qla3xxx: fix an error code in ql_adapter_up() 5e663bcd9a37 net, neigh: clear whole pneigh_entry at alloc time ae673832086e net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() 83b16b9c441b net: altera: set a couple error code in probe() 385ffd31ebdb net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero 47322fddb41e tools build: Remove needless libpython-version feature check that breaks test-all fast path 42bea3a1b7f2 dt-bindings: net: Reintroduce PHY no lane swap binding 3f57215f748b Documentation/locking/locktypes: Update migrate_disable() bits. 
77d255d28b34 perf tools: Fix SMT detection fast read path 391ca20ea16e Revert "PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge" e5b7fb2198ab i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc 347cc9b4d966 mtd: rawnand: fsmc: Fix timing computation 0b2e1fccdf48 mtd: rawnand: fsmc: Take instruction delay into account 57f290572f45 i40e: Fix pre-set max number of queues for VF eb87117c27e7 i40e: Fix failed opcode appearing if handling messages from VF 82ed3829c937 clk: imx: use module_platform_driver 4d12546cf9e7 RDMA/hns: Do not destroy QP resources in the hw resetting phase 33f320c35d69 RDMA/hns: Do not halt commands during reset until later 4458938b297e ASoC: codecs: wcd934x: return correct value from mixer put 1089dac26c6b ASoC: codecs: wcd934x: handle channel mappping list correctly 83dae68fc00a ASoC: codecs: wsa881x: fix return values from kcontrol put 62e4dc5e130e ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer 2f4764fe3692 ASoC: rt5682: Fix crash due to out of scope stack vars bdd8129c6605 PM: runtime: Fix pm_runtime_active() kerneldoc comment 661c4412c563 qede: validate non LSO skb length c4d2d7c935a4 scsi: scsi_debug: Fix buffer size of REPORT ZONES command 1e434d2687e8 scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() 5dfe61147442 block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) 5f1f94c26b0d tracefs: Set all files to the same group ownership as the mount option 2ba0738f7117 net: mvpp2: fix XDP rx queues registering 47ffefd88abf aio: fix use-after-free due to missing POLLFREE handling e4d19740bcca aio: keep poll requests on waitqueue until completed fc2f636ffc44 signalfd: use wake_up_pollfree() 9f3acee7eac8 binder: use wake_up_pollfree() 8e04c8397bf9 wait: add wake_up_pollfree() 2f8eb4c4c8f6 libata: add horkage for ASMedia 1092 f76580d82c62 can: m_can: Disable and ignore ELO interrupt 703dde112021 can:
[OE-core] [hardknott][PATCH 07/24] linux-yocto/5.10: update to v5.10.84
From: Bruce Ashfield Updating linux-yocto/5.10 to the latest korg -stable release that comprises the following commits: a0582e24d371 Linux 5.10.84 e6edaf267793 ipmi: msghandler: Make symbol 'remove_work_wq' static a8d18fb4d11b net/tls: Fix authentication failure in CCM mode dbe73dace94c parisc: Mark cr16 CPU clocksource unstable on all SMP machines 01300d21505d iwlwifi: mvm: retry init flow if failed a5d0a72b805e serial: 8250: Fix RTS modem control while in rs485 mode f9802d7049f5 serial: 8250_pci: rewrite pericom_do_set_divisor() 50b06889c86f serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array e1722acf4f0d serial: core: fix transmit-buffer reset and memleak bda142bbeb31 serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 901f7e0aa4a6 serial: pl011: Add ACPI SBSA UART match id 946ded2287a0 tty: serial: msm_serial: Deactivate RX DMA for polling support 67d08450a08d x86/64/mm: Map all kernel memory into trampoline_pgd b3a519b5a580 x86/tsc: Disable clocksource watchdog for TSC on qualified platorms 1ed4a8fd363c x86/tsc: Add a timer to make sure TSC_adjust is always checked a92f044a9fcb usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect 6d8c191bf464 USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub 90c915051c3d xhci: Fix commad ring abort, write all 64 bits to CRCR register. 
1235485c633e vgacon: Propagate console boot parameters before calling `vc_resize' 92b9113c6df0 parisc: Fix "make install" on newer debian releases c27a548d3f29 parisc: Fix KBUILD_IMAGE for self-extracting kernel 92f309c838fc x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() 4bbbc9c4f313 x86/pv: Switch SWAPGS to ALTERNATIVE 4d42b7bcf09d sched/uclamp: Fix rq->uclamp_max not set on first enqueue 2015ffa3a4c2 x86/xen: Add xenpv_restore_regs_and_return_to_usermode() 8b9279cad291 x86/entry: Use the correct fence macro after swapgs in kernel CR3 c8e341191849 x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword 64ca109bf875 KVM: VMX: Set failure code in prepare_vmcs02() 60ce9a754060 KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register cfebd5a277ad atlantic: Remove warn trace message. 95f6fae9a0db atlantic: Fix statistics logic for production hardware 695d9c6bc671 Remove Half duplex mode speed capabilities. 0c67e7b98fab atlantic: Add missing DIDs and fix 115c. ca350298bccb atlantic: Fix to display FW bundle version instead of FW mac version. 
93a4f3f4fdb5 atlatnic: enable Nbase-t speeds with base-t 44812111a3b1 atlantic: Increase delay for fw transactions 13f290d5aa4a drm/msm: Do hw_init() before capturing GPU state d646856a600e drm/msm/a6xx: Allocate enough space for GMU registers a792b3d56438 net/smc: Keep smc_close_final rc during active close e226180acc49 net/rds: correct socket tunable error in rds_tcp_tune() 77731fede297 net/smc: fix wrong list_del in smc_lgr_cleanup_early 9a40a1e0eb50 ipv4: convert fib_num_tclassid_users to atomic_t fa973bf5fd0f net: annotate data-races on txq->xmit_lock_owner e26dab79e16b dpaa2-eth: destroy workqueue at the end of remove function dde240695d97 net: marvell: mvpp2: Fix the computation of shared CPUs 3260b8d12057 net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available acef1c2b1596 ALSA: intel-dsp-config: add quirk for CML devices based on ES8336 codec 60f0b9c42cb8 rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() 35b40f724c4e rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() 4afb32090a15 ASoC: tegra: Fix kcontrol put callback in AHUB fe4eb5297ac3 ASoC: tegra: Fix kcontrol put callback in DSPK 256aa15aac6d ASoC: tegra: Fix kcontrol put callback in DMIC 1cf1f9a1f3ed ASoC: tegra: Fix kcontrol put callback in I2S 0ee53a1d8889 ASoC: tegra: Fix kcontrol put callback in ADMAIF e6fb4c3fd35b ASoC: tegra: Fix wrong value type in DSPK 0265ef0dff5e ASoC: tegra: Fix wrong value type in DMIC e66e75fb2278 ASoC: tegra: Fix wrong value type in I2S 6b54c0d845e5 ASoC: tegra: Fix wrong value type in ADMAIF 932b338f4e5c mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode a0335cda6d92 selftests: net: Correct case name f1d43efa59f1 net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() 59d2dc771006 arm64: ftrace: add missing BTIs ef55f0f8af2b siphash: use _unaligned version by default fd52e1f8c093 net: mpls: Fix notifications when deleting a device 15fa12c119f8 net: qlogic: qlcnic: Fix a NULL pointer dereference in 
qlcnic_83xx_add_rings() c6f340a331fb tcp: fix page frag corruption on page fault aa6c393a3c3f natsemi: xtensa: fix section mismatch warnings 289ee320b5ed i2c: cbus-gpio: set atomic transfer callback 58d5c53f2589 i2c: stm32f7: stop dma transfer in case of NACK c22124491752 i2c: stm32f7: recover the bus on access timeout 8de6ea757c88 i2c: stm32f7: flush TX FIFO upon transfer errors 1c75779dd90c wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() cb2d7c1992cb wireguard: receive: drop handshakes if queue lock is contended 8a29a50dbdb1 wireguard: receive:
[OE-core] [hardknott][PATCH 05/24] oeqa/selftest/bbtests: Use YP sources mirror instead of GNU
From: Richard Purdie The gnu sources server has been known to disappear. Use the YP sources mirror instead. If that breaks, the autobuilder is broken anyway. This should reduce test failures from upstream network issues. Signed-off-by: Richard Purdie (cherry picked from commit a5459e42f1a6be9c08f303653cc1f73514eca9ef) Signed-off-by: Anuj Mittal (cherry picked from commit fb18fcbd2529555ab98297671e3e6f68a8fd6556) Signed-off-by: Anuj Mittal --- meta/lib/oeqa/selftest/cases/bbtests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/lib/oeqa/selftest/cases/bbtests.py b/meta/lib/oeqa/selftest/cases/bbtests.py index a8b6231d83..0a618bb9a6 100644 --- a/meta/lib/oeqa/selftest/cases/bbtests.py +++ b/meta/lib/oeqa/selftest/cases/bbtests.py @@ -163,7 +163,7 @@ SSTATE_DIR = \"${TOPDIR}/download-selftest\" """) self.track_for_cleanup(os.path.join(self.builddir, "download-selftest")) -data = 'SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz;downloadfilename=test-aspell.tar.gz"' +data = 'SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/aspell-${PV}.tar.gz;downloadfilename=test-aspell.tar.gz;' self.write_recipeinc('aspell', data) result = bitbake('-f -c fetch aspell', ignore_status=True) self.delete_recipeinc('aspell') -- 2.33.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#160190): https://lists.openembedded.org/g/openembedded-core/message/160190 Mute This Topic: https://lists.openembedded.org/mt/88215622/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
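Review bot: The added data = 'SRC_URI = ...' line in the bbtests.py hunk ends in test-aspell.tar.gz;' where the removed line ended in test-aspell.tar.gz"', so the double quote that opens the SRC_URI value is never closed. That string is written to the recipe include by self.write_recipeinc('aspell', data), and the following bitbake('-f -c fetch aspell', ignore_status=True) call will not raise if the include fails to parse, so the test may no longer be exercising the fetch it is meant to check. Replace the trailing ; with " so the value reads ...;downloadfilename=test-aspell.tar.gz"'.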
[OE-core] [hardknott][PATCH 06/24] linux-firmware: upgrade 20211027 -> 20211216
From: wangmy License-Update: version of license file updated. Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (cherry picked from commit 07dc668ddc50de14821aff1b6850d8b4999702bd) Signed-off-by: Anuj Mittal (cherry picked from commit 5170d6e0be3775376d08bd5129686ec53661786e) Signed-off-by: Anuj Mittal --- ...{linux-firmware_20211027.bb => linux-firmware_20211216.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20211027.bb => linux-firmware_20211216.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20211027.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20211027.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb index 76aed9d443..92b6ff5157 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20211027.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb @@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ -file://WHENCE;md5=d627873bd934d7c52b2c8191304a8eb7 \ +file://WHENCE;md5=79f477f9d53eedee5a65b45193785963 \ " # These are not common licenses, set NO_GENERIC_LICENSE for them 
@@ -205,7 +205,7 @@ PE = "1" SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "bc2657dd8eb82386a9a7ec6df9ccf31c32c7e9073c05d37786c1edc273f9440a" +SRC_URI[sha256sum] = "eeddb4e6bef31fd1a3757f12ccc324929bbad97855c0b9ec5ed780f74de1837d" inherit allarch -- 2.33.1
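Review bot: The License-Update line says only "version of license file updated", while the LIC_FILES_CHKSUM hunk changes the md5 of WHENCE, the file that maps firmware images to their licences. State in the commit message what changed in WHENCE between 20211027 and 20211216 (for example new firmware entries or changed licence references), so a reviewer can confirm that none of the other file://LICENCE.* entries in the recipe needs to be added or updated along with it.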
[OE-core] [hardknott][PATCH 00/24] Patch review
Next set of changes for hardknott. Please review. One intermittent and unrelated qemu bootup failure seen while testing. https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3081 Thanks, Anuj The following changes since commit f6791df317e66b2d3fa88d3a038d888d4512305a: libpcre/libpcre2: correct SRC_URI (2021-12-10 12:45:13 +0800) are available in the Git repository at: git://push.openembedded.org/openembedded-core-contrib anujm/hardknott Anuj Mittal (2): busybox: upgrade 1.33.1 -> 1.33.2 xserver-xorg: update CVE_PRODUCT Bruce Ashfield (8): linux-yocto/5.10: update to v5.10.84 linux-yocto/5.10: update to v5.10.85 linux-yocto/5.10: update to v5.10.87 linux-yocto/5.4: update to v5.4.159 linux-yocto/5.4: update to v5.4.162 linux-yocto/5.4: update to v5.4.163 linux-yocto/5.4: update to v5.4.165 linux-yocto/5.4: update to v5.4.167 Chaitanya Vadrevu (1): python3-pyelftools: Depend on debugger, pprint Kai Kang (4): xserver-xorg: fix CVE-2021-4008 xserver-xorg: fix CVE-2021-4009 xserver-xorg: fix CVE-2021-4010 xserver-xorg: fix CVE-2021-4011 Richard Purdie (3): oeqa/selftest/bbtests: Use YP sources mirror instead of GNU webkitgtk: Add reproducibility fix openssl: Add reproducibility fix Ross Burton (1): vim: upgrade to 8.2 patch 3752 Steve Sakoman (2): selftest: skip virgl test on centos 8 entirely selftest: skip virgl test on fedora 34 entirely Sundeep KOKKONDA (1): binutils: Fix CVE-2021-45078 pgowda (1): binutils: CVE-2021-42574 wangmy (1): linux-firmware: upgrade 20211027 -> 20211216 meta/lib/oeqa/selftest/cases/bbtests.py |2 +- meta/lib/oeqa/selftest/cases/runtime_test.py |4 + .../openssl/openssl/reproducibility.patch | 22 + .../openssl/openssl_1.1.1l.bb |1 + ...ab_1.33.0.bb => busybox-inittab_1.33.2.bb} |0 .../{busybox_1.33.1.bb => busybox_1.33.2.bb} |2 +- .../binutils/binutils-2.36.inc|2 + .../binutils/0001-CVE-2021-42574.patch| 2006 + .../binutils/0001-CVE-2021-45078.patch| 255 +++ .../python/python3-pyelftools_0.27.bb |2 + 
.../xorg-xserver/xserver-xorg.inc |2 +- .../xserver-xorg/CVE-2021-4008.patch | 59 + .../xserver-xorg/CVE-2021-4009.patch | 50 + .../xserver-xorg/CVE-2021-4010.patch | 39 + .../xserver-xorg/CVE-2021-4011.patch | 40 + .../xorg-xserver/xserver-xorg_1.20.10.bb |4 + ...20211027.bb => linux-firmware_20211216.bb} |4 +- .../linux/linux-yocto-rt_5.10.bb |6 +- .../linux/linux-yocto-rt_5.4.bb |6 +- .../linux/linux-yocto-tiny_5.10.bb|8 +- .../linux/linux-yocto-tiny_5.4.bb |8 +- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +- meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +- .../webkit/webkitgtk/reproducibility.patch| 22 + meta/recipes-sato/webkit/webkitgtk_2.30.5.bb |1 + ...src-Makefile-improve-reproducibility.patch | 13 +- .../vim/files/CVE-2021-3778.patch | 34 - .../vim/files/CVE-2021-3872.patch | 57 - ...1e135a16091c93f6f5f7525a5c58fb7ca9f9.patch | 207 -- .../vim/files/disable_acl_header_check.patch | 15 +- .../vim/files/no-path-adjust.patch|8 +- meta/recipes-support/vim/files/racefix.patch |6 +- ...m-add-knob-whether-elf.h-are-checked.patch | 13 +- meta/recipes-support/vim/vim.inc | 14 +- 34 files changed, 2577 insertions(+), 381 deletions(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/reproducibility.patch rename meta/recipes-core/busybox/{busybox-inittab_1.33.0.bb => busybox-inittab_1.33.2.bb} (100%) rename meta/recipes-core/busybox/{busybox_1.33.1.bb => busybox_1.33.2.bb} (95%) create mode 100644 meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch create mode 100644 meta/recipes-devtools/binutils/binutils/0001-CVE-2021-45078.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4008.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4009.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4010.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-4011.patch rename 
meta/recipes-kernel/linux-firmware/{linux-firmware_20211027.bb => linux-firmware_20211216.bb} (99%) create mode 100644 meta/recipes-sato/webkit/webkitgtk/reproducibility.patch delete mode 100644 meta/recipes-support/vim/files/CVE-2021-3778.patch delete mode 100644 meta/recipes-support/vim/files/CVE-2021-3872.patch delete mode 100644 meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch -- 2.33.1
[OE-core] [hardknott][PATCH 03/24] python3-pyelftools: Depend on debugger, pprint
From: Chaitanya Vadrevu python3-pyelftools uses python3-debugger, python3-pprint. So add dependencies on these packages. Signed-off-by: Chaitanya Vadrevu Signed-off-by: Richard Purdie (cherry picked from commit 22e84cdd05870f1a19c6389b66c4dfd5e9b418f7) Signed-off-by: Anuj Mittal --- meta/recipes-devtools/python/python3-pyelftools_0.27.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/python/python3-pyelftools_0.27.bb b/meta/recipes-devtools/python/python3-pyelftools_0.27.bb index 0cfd99504b..e2d0e18277 100644 --- a/meta/recipes-devtools/python/python3-pyelftools_0.27.bb +++ b/meta/recipes-devtools/python/python3-pyelftools_0.27.bb @@ -11,3 +11,5 @@ PYPI_PACKAGE = "pyelftools" inherit pypi setuptools3 BBCLASSEXTEND = "native" + +RDEPENDS:${PN} += "${PYTHON_PN}-debugger ${PYTHON_PN}-pprint" -- 2.33.1
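Review bot: The added RDEPENDS:${PN} += line uses the colon override syntax, while the other recipes touched in this hardknott series use the underscore form (SRC_URI_append_libc-musl in the busybox patch, SRCREV_machine_qemuarm and KBRANCH_qemux86 in the linux-yocto patches). Since this is a cherry-pick from master, check that the dependency actually lands on the python3-pyelftools package on this branch, for instance by inspecting the resulting package's runtime dependencies, and if it does not, write the line as RDEPENDS_${PN} += for hardknott.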
[OE-core] [hardknott][PATCH 04/24] vim: upgrade to 8.2 patch 3752
From: Ross Burton There's a fairly constant flow of CVEs being fixed in Vim, which are getting increasingly non-trivial to backport. Instead of trying to backport (and potentially introduce more bugs), or just ignoring them entirely, upgrade vim to the latest patch. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 78a4796de27d710f97c336d288d797557a58694e) Signed-off-by: Mingli Yu Signed-off-by: Anuj Mittal --- ...src-Makefile-improve-reproducibility.patch | 13 +- .../vim/files/CVE-2021-3778.patch | 34 --- .../vim/files/CVE-2021-3872.patch | 57 - ...1e135a16091c93f6f5f7525a5c58fb7ca9f9.patch | 207 -- .../vim/files/disable_acl_header_check.patch | 15 +- .../vim/files/no-path-adjust.patch| 8 +- meta/recipes-support/vim/files/racefix.patch | 6 +- ...m-add-knob-whether-elf.h-are-checked.patch | 13 +- meta/recipes-support/vim/vim.inc | 14 +- 9 files changed, 28 insertions(+), 339 deletions(-) delete mode 100644 meta/recipes-support/vim/files/CVE-2021-3778.patch delete mode 100644 meta/recipes-support/vim/files/CVE-2021-3872.patch delete mode 100644 meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch diff --git a/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch b/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch index 63a7b78f12..2fc11dbdc2 100644 --- a/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch +++ b/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch @@ -16,11 +16,11 @@ 
Signed-off-by: Mingli Yu src/Makefile | 14 -- 1 file changed, 4 insertions(+), 10 deletions(-) -diff --git a/src/Makefile b/src/Makefile -index f2fafa4dc..7148d4bd9 100644 a/src/Makefile -+++ b/src/Makefile -@@ -2845,16 +2845,10 @@ auto/pathdef.c: Makefile auto/config.mk +Index: git/src/Makefile +=== +--- git.orig/src/Makefile git/src/Makefile +@@ -3101,16 +3101,10 @@ auto/pathdef.c: Makefile auto/config.mk -@echo '#include "vim.h"' >> $@ -@echo 'char_u *default_vim_dir = (char_u *)"$(VIMRCLOC)";' | $(QUOTESED) >> $@ -@echo 'char_u *default_vimruntime_dir = (char_u *)"$(VIMRUNTIMEDIR)";' | $(QUOTESED) >> $@ @@ -41,6 +41,3 @@ index f2fafa4dc..7148d4bd9 100644 -@sh $(srcdir)/pathdef.sh GUI_GTK_RES_INPUTS = \ --- -2.17.1 - diff --git a/meta/recipes-support/vim/files/CVE-2021-3778.patch b/meta/recipes-support/vim/files/CVE-2021-3778.patch deleted file mode 100644 index 04ac413e56..00 --- a/meta/recipes-support/vim/files/CVE-2021-3778.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 9ba62f1042513fcadcc4e8fdcee171db66ef1d69 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar -Date: Fri, 24 Sep 2021 15:15:24 +0800 -Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8 - character - -Problem:Reading beyond end of line with invalid utf-8 character. -Solution: Check for NUL when advancing. - -Upstream-Status: Backport [https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f] -CVE: CVE-2021-3778 - -Signed-off-by: Mingli Yu - src/regexp_nfa.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c -index fb512f961..2806408de 100644 a/src/regexp_nfa.c -+++ b/src/regexp_nfa.c -@@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int regstart, char_u *match_text) - match = FALSE; - break; - } -- len2 += MB_CHAR2LEN(c2); -+ len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2) -+ : MB_CHAR2LEN(c2); - } - if (match - // check that no composing char follows --- -2.17.1 - 
diff --git a/meta/recipes-support/vim/files/CVE-2021-3872.patch b/meta/recipes-support/vim/files/CVE-2021-3872.patch deleted file mode 100644 index f0f30933fa..00 --- a/meta/recipes-support/vim/files/CVE-2021-3872.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 132d060ffbb9651f0d79bd0b6d80cab460235a99 Mon Sep 17 00:00:00 2001 -From: Bram Moolenaar -Date: Fri, 12 Nov 2021 02:56:51 + -Subject: [PATCH] patch 8.2.3487: illegal memory access if buffer name is very - long - -Problem:Illegal memory access if buffer name is very long. -Solution: Make sure not to go over the end of the buffer. - -CVE: CVE-2021-3872 - -Upstream-Status: Backport [https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b] - -Signed-off-by: Mingli Yu - src/drawscreen.c | 10 +- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/drawscreen.c b/src/drawscreen.c -index 3a88ee979..9acb70552 100644 a/src/drawscreen.c -+++ b/src/drawscreen.c -@@ -446,13 +446,13 @@ win_redr_status(win_T *wp,
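Review bot: The removal of b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch (207 lines in the diffstat) is not explained in the commit message, unlike the two CVE patches whose deleted headers show them to be upstream patches 8.2.3409 and 8.2.3487 and therefore covered by an upgrade to patch 3752. Name the upstream patch number or CVE that file carried in the commit message, so the reviewer can confirm the upgrade supersedes it and no fix is lost on this branch. As a smaller style point, the refresh of 0001-src-Makefile-improve-reproducibility.patch replaces its diff --git and index lines with a quilt-style "Index: git/src/Makefile" header and drops the "-- 2.17.1" trailer; regenerating it in the same format as before would keep the refresh to the changed hunk offsets.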
[OE-core] [hardknott][PATCH 01/24] busybox: upgrade 1.33.1 -> 1.33.2
Bug fix release. 1.33.2 has fixes for hush and ash (parsing fixes) and unlzma (fix a case where we could read before beginning of buffer). Signed-off-by: Anuj Mittal --- .../{busybox-inittab_1.33.0.bb => busybox-inittab_1.33.2.bb}| 0 .../busybox/{busybox_1.33.1.bb => busybox_1.33.2.bb}| 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-core/busybox/{busybox-inittab_1.33.0.bb => busybox-inittab_1.33.2.bb} (100%) rename meta/recipes-core/busybox/{busybox_1.33.1.bb => busybox_1.33.2.bb} (95%) diff --git a/meta/recipes-core/busybox/busybox-inittab_1.33.0.bb b/meta/recipes-core/busybox/busybox-inittab_1.33.2.bb similarity index 100% rename from meta/recipes-core/busybox/busybox-inittab_1.33.0.bb rename to meta/recipes-core/busybox/busybox-inittab_1.33.2.bb diff --git a/meta/recipes-core/busybox/busybox_1.33.1.bb b/meta/recipes-core/busybox/busybox_1.33.2.bb similarity index 95% rename from meta/recipes-core/busybox/busybox_1.33.1.bb rename to meta/recipes-core/busybox/busybox_1.33.2.bb index 4002d6a5c6..44c83ab83c 100644 --- a/meta/recipes-core/busybox/busybox_1.33.1.bb +++ b/meta/recipes-core/busybox/busybox_1.33.2.bb @@ -51,4 +51,4 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ " SRC_URI_append_libc-musl = " file://musl.cfg " -SRC_URI[tarball.sha256sum] = "12cec6bd2b16d8a9446dd16130f2b92982f1819f6e1c5f5887b6db03f5660d28" +SRC_URI[tarball.sha256sum] = "6843ba7977081e735fa0fdb05893e3c002c8c5ad7c9c80da206e603cc0ac47e7" -- 2.33.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#160186): https://lists.openembedded.org/g/openembedded-core/message/160186 Mute This Topic: https://lists.openembedded.org/mt/88215616/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
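Review bot: In the busybox_1.33.2.bb hunk the new SRC_URI[tarball.sha256sum] is the only value pinning the tarball fetched from busybox.net, so it should be checked against the checksum or signature upstream publishes for the 1.33.2 release rather than taken from a local download alone. The message also mentions an unlzma fix for a read before the beginning of a buffer; if a CVE is assigned to it, naming it in the commit message lets stable-branch users tie the upgrade to their CVE reports.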
[OE-core] [hardknott][PATCH 02/24] binutils: CVE-2021-42574
From: pgowda Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=b3aa80b45c4f46029efeb204bb9f2d2c4278a0e5] Signed-off-by: pgowda Signed-off-by: Anuj Mittal --- .../binutils/binutils-2.36.inc|1 + .../binutils/0001-CVE-2021-42574.patch| 2006 + 2 files changed, 2007 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.36.inc b/meta/recipes-devtools/binutils/binutils-2.36.inc index 7d0824e060..e4fdadc70a 100644 --- a/meta/recipes-devtools/binutils/binutils-2.36.inc +++ b/meta/recipes-devtools/binutils/binutils-2.36.inc @@ -46,5 +46,6 @@ SRC_URI = "\ file://0003-CVE-2021-20197.patch \ file://0017-CVE-2021-3530.patch \ file://0018-CVE-2021-3530.patch \ + file://0001-CVE-2021-42574.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch b/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch new file mode 100644 index 00..c93fd770b3 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch 
@@ -0,0 +1,2006 @@ +From b3aa80b45c4f46029efeb204bb9f2d2c4278a0e5 Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Tue, 9 Nov 2021 13:25:42 + +Subject: [PATCH] Add --unicode option to control how unicode characters are + handled by display tools. + + * nm.c: Add --unicode option to control how unicode characters are + handled. + * objdump.c: Likewise. + * readelf.c: Likewise. + * strings.c: Likewise. + * binutils.texi: Document the new feature. + * NEWS: Document the new feature. + * testsuite/binutils-all/unicode.exp: New file. + * testsuite/binutils-all/nm.hex.unicode + * testsuite/binutils-all/strings.escape.unicode + * testsuite/binutils-all/objdump.highlight.unicode + * testsuite/binutils-all/readelf.invalid.unicode + +CVE: CVE-2021-42574 +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=b3aa80b45c4f46029efeb204bb9f2d2c4278a0e5] + +Signed-off-by: pgowda +--- + binutils/ChangeLog | 15 + + binutils/NEWS | 9 + + binutils/doc/binutils.texi | 78 + binutils/nm.c | 228 ++- + binutils/objdump.c | 235 ++-- + binutils/readelf.c | 190 +- + binutils/strings.c | 757 ++--- + 7 files changed, 1409 insertions(+), 103 deletions(-) + +diff --git a/binutils/ChangeLog b/binutils/ChangeLog +--- a/binutils/ChangeLog 2021-12-23 03:23:38.425843662 -0800 b/binutils/ChangeLog 2021-12-23 03:30:31.094968942 -0800 +@@ -1,3 +1,18 @@ ++2021-11-09 Nick Clifton ++ ++ * nm.c: Add --unicode option to control how unicode characters are ++ handled. ++ * objdump.c: Likewise. ++ * readelf.c: Likewise. ++ * strings.c: Likewise. ++ * binutils.texi: Document the new feature. ++ * NEWS: Document the new feature. ++ * testsuite/binutils-all/unicode.exp: New file. 
++ * testsuite/binutils-all/nm.hex.unicode ++ * testsuite/binutils-all/strings.escape.unicode ++ * testsuite/binutils-all/objdump.highlight.unicode ++ * testsuite/binutils-all/readelf.invalid.unicode ++ + 2021-02-09 Alan Modra + + PR 27382 +diff --git a/binutils/doc/binutils.texi b/binutils/doc/binutils.texi +--- a/binutils/doc/binutils.texi 2021-12-23 03:23:38.441843395 -0800 b/binutils/doc/binutils.texi 2021-12-23 03:30:31.094968942 -0800 +@@ -805,6 +805,7 @@ nm [@option{-A}|@option{-o}|@option{--pr +[@option{-s}|@option{--print-armap}] [@option{-t} @var{radix}|@option{--radix=}@var{radix}] +[@option{-u}|@option{--undefined-only}] [@option{-V}|@option{--version}] +[@option{-X 32_64}] [@option{--defined-only}] [@option{--no-demangle}] ++ [@option{-U} @var{method}] [@option{--unicode=}@var{method}] +[@option{--plugin} @var{name}] +[@option{--no-recurse-limit}|@option{--recurse-limit}]] +[@option{--size-sort}] [@option{--special-syms}] +@@ -1114,6 +1115,21 @@ Use @var{radix} as the radix for printin + @cindex undefined symbols + Display only undefined symbols (those external to each object file). + ++@item -U @var{[d|i|l|e|x|h]} ++@itemx --unicode=@var{[default|invalid|locale|escape|hex|highlight]} ++Controls the display of UTF-8 encoded mulibyte characters in strings. ++The default (@option{--unicode=default}) is to give them no special ++treatment. The @option{--unicode=locale} option displays the sequence ++in the current locale, which may or may not support them. The options ++@option{--unicode=hex} and @option{--unicode=invalid} display them as ++hex byte sequences enclosed by either angle brackets or curly braces. ++ ++The @option{--unicode=escape} option displays them as escape sequences ++(@var{\u}) and the
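Review bot: The ChangeLog text inside 0001-CVE-2021-42574.patch lists testsuite/binutils-all/unicode.exp and four expected-output files, but the patch's diffstat covers only seven files (ChangeLog, NEWS, binutils.texi, nm.c, objdump.c, readelf.c, strings.c), so the tests were left out of the backport. Either carry the testsuite files or say in the patch header that they were dropped, so the ChangeLog does not claim files the tree will not have.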
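Review bot: The binutils-2.36.inc hunk appends file://0001-CVE-2021-42574.patch after 0018-CVE-2021-3530.patch, which breaks the ascending numbering of the entries above it, and the commit message has no body. Renumber the file to follow 0018, and add a sentence to the message noting that, per the binutils.texi text added here, --unicode=default gives multibyte characters no special treatment, so the backport adds the option without changing default tool output.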
[OE-core] [meta-networking][dunfell][PATCH] strongswan: Fix for CVE-2021-41990 and CVE-2021-41991
From: Virendra Thakur Add patch to fix CVE-2021-41990 and CVE-2021-41991 Signed-off-by: Virendra Thakur --- .../strongswan/files/CVE-2021-41990.patch | 60 +++ .../strongswan/files/CVE-2021-41991.patch | 39 .../strongswan/strongswan_5.8.4.bb| 2 + 3 files changed, 101 insertions(+) create mode 100644 meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch create mode 100644 meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch diff --git a/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch b/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch new file mode 100644 index 0..279a08b67 --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch 
@@ -0,0 +1,60 @@ +From 423a5d56274a1d343e0d2107dfc4fbf0df2dcca5 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner +Date: Tue, 28 Sep 2021 17:52:08 +0200 +Subject: [PATCH] Reject RSASSA-PSS params with negative salt length + +The `salt_len` member in the struct is of type `ssize_t` because we use +negative values for special automatic salt lengths when generating +signatures. + +Not checking this could lead to an integer overflow. The value is assigned +to the `len` field of a chunk (`size_t`), which is further used in +calculations to check the padding structure and (if that is passed by a +matching crafted signature value) eventually a memcpy() that will result +in a segmentation fault. + +Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params") +Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification") +Fixes: CVE-2021-41990 + +Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2021-41990] +Signed-off-by: Virendra Thakur + +--- + src/libstrongswan/credentials/keys/signature_params.c | 6 +- + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c| 2 +- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c +index d89bd2c96bb5..837de8443d43 100644 +--- a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c +@@ -322,7 +322,11 @@ bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params) + case RSASSA_PSS_PARAMS_SALT_LEN: + if (object.len) + { +- params->salt_len = (size_t)asn1_parse_integer_uint64(object); ++ params->salt_len = (ssize_t)asn1_parse_integer_uint64(object); ++ if (params->salt_len < 0) ++ { ++ goto end; ++ } + } + break; + case RSASSA_PSS_PARAMS_TRAILER: +diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +index 
f9bd1d314dec..3a775090883e 100644 +--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +@@ -168,7 +168,7 @@ static bool verify_emsa_pss_signature(private_gmp_rsa_public_key_t *this, + int i; + bool success = FALSE; + +- if (!params) ++ if (!params || params->salt_len < 0) + { + return FALSE; + } +-- +2.25.1 + diff --git a/meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch b/meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch new file mode 100644 index 0..0e5bce2bd --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch @@ -0,0 +1,39 @@ +From b667237b3a84f601ef5a707ce8eb861c3a5002d3 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner +Date: Tue, 28 Sep 2021 19:38:22 +0200 +Subject: [PATCH] cert-cache: Prevent crash due to integer overflow/sign change + +random() allocates values in the range [0, RAND_MAX], with RAND_MAX usually +equaling INT_MAX = 2^31-1. Previously, values between 0 and 31 were added +directly to that offset before applying`% CACHE_SIZE` to get an index into +the cache array. If the random value was very high, this resulted in an +integer overflow and a negative index value and, therefore, an out-of-bounds +access of the array and in turn dereferencing invalid pointers when trying +to acquire the read lock. This most likely results in a segmentation fault. + +Fixes: 764e8b2211ce ("reimplemented certificate cache") +Fixes: CVE-2021-41991 + +Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2021-41991] +Signed-off-by: Virendra Thakur + +--- + src/libstrongswan/credentials/sets/cert_cache.c | 2 +- + 1 file changed, 1
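Review bot: CVE-2021-41990.patch and CVE-2021-41991.patch keep upstream's "Fixes: CVE-..." line but have no "CVE: CVE-2021-41990" or "CVE: CVE-2021-41991" tag next to Upstream-Status, which is the tag the binutils and grub backports on this list carry. Add the CVE: line to each patch header. The Upstream-Status URLs also point at the per-CVE location on download.strongswan.org rather than at a specific patch file; naming the exact file taken from there would make the backport easier to re-check.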
[OE-core] [PATCH][honister] linux-yocto: add libmpc-native to DEPENDS
From: Ross Burton 5.10.85 changed how the GCC plugins are built, which means they now depend on both GMP and MPC to be built. We already depend on gmp-native, so add libmpc-native as well. Signed-off-by: Ross Burton --- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index c62157d850..bbb25f7393 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -36,7 +36,7 @@ LINUX_VERSION ?= "5.10.87" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" -DEPENDS += "gmp-native" +DEPENDS += "gmp-native libmpc-native" PV = "${LINUX_VERSION}+git${SRCPV}" -- 2.25.1
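Review bot: The changed DEPENDS line in linux-yocto_5.10.bb gives no hint in the recipe of why gmp-native and libmpc-native are listed. A one-line comment above it saying both are needed to build the GCC plugins from 5.10.85 on would keep a later dependency cleanup from dropping them.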
[OE-core] [PATCH] linux-yocto: add libmpc-native to DEPENDS
From: Ross Burton 5.10.85 changed how the GCC plugins are built, which means they now depend on both GMP and MPC to be built. We already depend on gmp-native, so add libmpc-native as well. Signed-off-by: Ross Burton --- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index c62157d850..bbb25f7393 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -36,7 +36,7 @@ LINUX_VERSION ?= "5.10.87" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" -DEPENDS += "gmp-native" +DEPENDS += "gmp-native libmpc-native" PV = "${LINUX_VERSION}+git${SRCPV}" -- 2.25.1
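Review bot: Only linux-yocto_5.10.bb gains libmpc-native in this hunk, while the message ties the new requirement to the 5.10.85 stable update rather than to this one recipe. If other kernel recipes in the tree build the GCC plugins from a source at or past that change they need the same DEPENDS, so the message should list which recipes were checked.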
Re: [OE-core][PATCH] populate_sdk_base: remove useless dirs such as /dev
On Tue, 2022-01-04 at 22:01 -0800, Chen Qi wrote: > We met a problem that core-image-tiny-initramfs's SDK cannot be > installed. The error message is like below. > > tar: ./sysroots/core2-64-poky-linux/dev/console: Cannot mknod: Operation > not permitted > > In fact, the '/dev' directory is useless for SDK. So remove it. > > This patch uses a variable, SDK_USELESS_DIRS, to hold useless dir entries > so that it could be extended. For example, '/usr/bin' could be added if > wanted. > > Signed-off-by: Chen Qi > --- > meta/classes/populate_sdk_base.bbclass | 11 ++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/meta/classes/populate_sdk_base.bbclass > b/meta/classes/populate_sdk_base.bbclass > index fafdd96749..d4065b9b13 100644 > --- a/meta/classes/populate_sdk_base.bbclass > +++ b/meta/classes/populate_sdk_base.bbclass > @@ -92,6 +92,8 @@ SDK_HOST_MANIFEST = > "${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.host.manifest" > SDK_EXT_TARGET_MANIFEST = > "${SDK_DEPLOY}/${TOOLCHAINEXT_OUTPUTNAME}.target.manifest" > SDK_EXT_HOST_MANIFEST = > "${SDK_DEPLOY}/${TOOLCHAINEXT_OUTPUTNAME}.host.manifest" > > +SDK_USELESS_DIRS ?= "/dev" > + I think this is the better approach to solving the issue but I don't agree with the name "USELESS". Something like SDK_PRUNE_SYSROOT_DIRS would probably better describe what the code is doing. > python write_target_sdk_manifest () { > from oe.sdk import sdk_list_installed_packages > from oe.utils import format_pkg_list 
> @@ -103,6 +105,12 @@ python write_target_sdk_manifest () { > output.write(format_pkg_list(pkgs, 'ver')) > } > > +delete_useless () { This needs some prefix so we know it is sdk related as well as the useless name change. Cheers, Richard
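Review bot: The quoted patch stops at the opening line of delete_useless, so the removal logic itself cannot be checked here. Since the function deletes whatever SDK_USELESS_DIRS lists and the message invites users to extend that list, it should skip empty entries and anchor every entry under the SDK sysroot path before removing anything. The new variable also needs a documentation entry.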
[OE-core] [dunfell][PATCH] grub: fix CVE-2020-14372 and CVE-2020-27779
From: Marta Rybczynska Fix issues with grub in secure boot mode where an attacker could circumvent secure boot by using acpi and cutmem commands. Also include patches fixing similar issues. Most patches are backported directly from grub. One patch (no-insmod-on-sb.patch) comes from Debian, as the upstream implementation is too complicated to backport. CVE-2020-14372 description (from NVD [1]): A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. CVE-2020-27779 description (from NVD [2]): A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-14372 [2] https://nvd.nist.gov/vuln/detail/CVE-2020-27779 
Signed-off-by: Marta Rybczynska --- .../grub/files/CVE-2020-14372.patch | 76 +++ .../grub/files/CVE-2020-14372_1.patch | 130 ++ .../grub/files/CVE-2020-14372_2.patch | 431 ++ .../grub/files/CVE-2020-14372_3.patch | 57 +++ .../grub/files/CVE-2020-14372_4.patch | 52 +++ .../grub/files/CVE-2020-14372_5.patch | 158 +++ .../grub/files/CVE-2020-27779.patch | 70 +++ .../grub/files/CVE-2020-27779_2.patch | 105 + .../grub/files/CVE-2020-27779_3.patch | 37 ++ .../grub/files/CVE-2020-27779_4.patch | 35 ++ .../grub/files/CVE-2020-27779_5.patch | 62 +++ .../grub/files/CVE-2020-27779_6.patch | 61 +++ .../grub/files/CVE-2020-27779_7.patch | 65 +++ .../grub/files/no-insmod-on-sb.patch | 107 + meta/recipes-bsp/grub/grub2.inc | 14 + 15 files changed, 1460 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14372.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14372_1.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14372_2.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14372_3.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14372_4.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-14372_5.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779_2.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779_3.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779_4.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779_5.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779_6.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-27779_7.patch create mode 100644 meta/recipes-bsp/grub/files/no-insmod-on-sb.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2020-14372.patch b/meta/recipes-bsp/grub/files/CVE-2020-14372.patch new file mode 100644 index 00..08e7666cde --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2020-14372.patch 
@@ -0,0 +1,76 @@ +From 0d237c0b90f0c6d4a3662c569b2371ae3ed69574 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 28 Sep 2020 20:08:41 +0200 +Subject: [PATCH] acpi: Don't register the acpi command when locked down +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The command is not allowed when lockdown is enforced. Otherwise an +attacker can instruct the GRUB to load an SSDT table to overwrite +the kernel lockdown configuration and later load and execute +unsigned code. + +Fixes: CVE-2020-14372 + +Reported-by: Máté Kukri +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3e8e4c0549240fa209acffceb473e1e509b50c95] +CVE: CVE-2020-14372 +Signed-off-by: Marta Rybczynska +--- + docs/grub.texi| 5 + + grub-core/commands/acpi.c | 15 --- + 2 files changed, 13 insertions(+), 7 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 0786427..47ac7ff 100644 +--- a/docs/grub.texi b/docs/grub.texi +@@ -3986,6 +3986,11 @@ Normally, this command will replace the Root System Description Pointer + (RSDP) in the Extended BIOS Data Area to point to the new
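Review bot: The diffstat numbers the two series differently: CVE-2020-14372.patch is followed by _1 to _5, while CVE-2020-27779.patch is followed by _2 to _7 with no _1. Use one scheme for both, and since the message says some of these patches fix similar issues rather than the two named CVEs, make sure each file's name and CVE: tag refer only to the CVE it actually addresses so CVE reporting for the recipe stays accurate.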
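Review bot: no-insmod-on-sb.patch is taken from Debian because, per the message, the upstream implementation is too complicated to backport, which makes it the one patch in the series that diverges from upstream grub. Its header should record the Debian source and version it came from and say in Upstream-Status that it differs from the upstream fix, so whoever next upgrades grub knows to drop it rather than rebase it.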