[OE-core][dunfell][PATCH] xserver-xorg: Security fix CVE-2023-0494 and CVE-2023-1393

[Vijay Anusuri]

From: Vijay Anusuri 

Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec
&
https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110]

Signed-off-by: Vijay Anusuri 
---
 .../xserver-xorg/CVE-2023-0494.patch  | 38 +++
 .../xserver-xorg/CVE-2023-1393.patch  | 46 +++
 .../xorg-xserver/xserver-xorg_1.20.14.bb  |  2 +
 3 files changed, 86 insertions(+)
 create mode 100644 
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch
 create mode 100644 
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch

diff --git 
a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch 
b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch
new file mode 100644
index 00..ef2ee5d55e
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch
@@ -0,0 +1,38 @@
+From 0ba6d8c37071131a49790243cdac55392ecf71ec Mon Sep 17 00:00:00 2001
+From: Peter Hutterer 
+Date: Wed, 25 Jan 2023 11:41:40 +1000
+Subject: [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses
+
+CVE-2023-0494, ZDI-CAN-19596
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Peter Hutterer 
+
+Upstream-Status: Backport 
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec]
+CVE: CVE-2023-0494
+Signed-off-by: Vijay Anusuri 
+---
+ Xi/exevents.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index 217baa9561..dcd4efb3bc 100644
+--- a/Xi/exevents.c
 b/Xi/exevents.c
+@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+ memcpy(to->button->xkb_acts, from->button->xkb_acts,
+sizeof(XkbAction));
+ }
+-else
++else {
+ free(to->button->xkb_acts);
++to->button->xkb_acts = NULL;
++}
+ 
+ memcpy(to->button->labels, from->button->labels,
+from->button->numButtons * sizeof(Atom));
+-- 
+GitLab
+
diff --git 
a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch 
b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch
new file mode 100644
index 00..51d0e0cab6
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch
@@ -0,0 +1,46 @@
+From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan 
+Date: Mon, 13 Mar 2023 11:08:47 +0100
+Subject: [PATCH] composite: Fix use-after-free of the COW
+
+ZDI-CAN-19866/CVE-2023-1393
+
+If a client explicitly destroys the compositor overlay window (aka COW),
+we would leave a dangling pointer to that window in the CompScreen
+structure, which will trigger a use-after-free later.
+
+Make sure to clear the CompScreen pointer to the COW when the latter gets
+destroyed explicitly by the client.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan 
+Reviewed-by: Adam Jackson 
+
+Upstream-Status: Backport 
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110]
+CVE: CVE-2023-1393
+Signed-off-by: Vijay Anusuri 
+---
+ composite/compwindow.c | 5 +
+ 1 file changed, 5 insertions(+)
+
+diff --git a/composite/compwindow.c b/composite/compwindow.c
+index 4e2494b86b..b30da589e9 100644
+--- a/composite/compwindow.c
 b/composite/compwindow.c
+@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
+ ret = (*pScreen->DestroyWindow) (pWin);
+ cs->DestroyWindow = pScreen->DestroyWindow;
+ pScreen->DestroyWindow = compDestroyWindow;
++
++/* Did we just destroy the overlay window? */
++if (pWin == cs->pOverlayWin)
++cs->pOverlayWin = NULL;
++
+ /*compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
+ return ret;
+ }
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb 
b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
index ab18a87a3d..5c604fa86e 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
@@ -14,6 +14,8 @@ SRC_URI += 
"file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2022-46342.patch \
file://CVE-2022-46343.patch \
file://CVE-2022-46344.patch \
+   file://CVE-2023-0494.patch \
+   file://CVE-2023-1393.patch \
 "
 SRC_URI[md5sum] = "453fc86aac8c629b3a5b77e8dcca30bf"
 SRC_URI[sha256sum] = 
"54b199c9280ff8bf0f73a54a759645bd0eeeda7255d1c99310d5b7595f3ac066"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181898): 
https://lists.openembedded.org/g/ope

[OE-core][PATCH] libsdl2: disable SDL's own ccache

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

OE has its own ccache mechanism, disable libsdl2's own ccache
searching/enabling mechanism. Otherwise, if ccache is installed
on system, it will be used by default.

Signed-off-by: Chen Qi 
---
 meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb 
b/meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb
index 3274475da1..f8319a8f29 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb
@@ -47,6 +47,7 @@ EXTRA_OECMAKE = "-DSDL_OSS=OFF -DSDL_ESD=OFF -DSDL_ARTS=OFF \
  -DSDL_X11_XRANDR=OFF \
  -DSDL_X11_XSCRNSAVER=OFF \
  -DSDL_X11_XSHAPE=OFF \
+ -DSDL_CCACHE=OFF \
 "
 
 # opengl packageconfig factored out to make it easy for distros
-- 
2.40.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181897): 
https://lists.openembedded.org/g/openembedded-core/message/181897
Mute This Topic: https://lists.openembedded.org/mt/99214627/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] Cargo: build failure on 32-bit machine when DEBUG enabled

[Sundeep KOKKONDA via lists.openembedded.org]

I still did not get this reproduced on rust sources (Since it is occurring only 
on 32-bit builds, the rust build is giving some unknown errors which are yet to 
be analyzed...).
Until then, to avoid DEBUG_BUILD failures this workaround is sent.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181896): 
https://lists.openembedded.org/g/openembedded-core/message/181896
Mute This Topic: https://lists.openembedded.org/mt/99196585/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Current high bug count owners for Yocto Project 4.3

[Stephen Jolley]

All,

Below is the list as of top 34 bug owners as of the end of WW21 of who have
open medium or higher bugs and enhancements against YP 4.3. There are 104
possible work days left until the final release candidates for YP 4.3 needs
to be released.




Who

Count


ross.bur...@arm.com

32


michael.opdenac...@bootlin.com

32


richard.pur...@linuxfoundation.org

28


david.re...@windriver.com

26


randy.macl...@windriver.com

25


bruce.ashfi...@gmail.com

25


jpewhac...@gmail.com

11


pa...@zhukoff.net

7


sakib.sa...@windriver.com

6


sundeep.kokko...@windriver.com

5


pi...@pidge.org

4


yash.shi...@windriver.com

3


tim.orl...@konsulko.com

3


p.lob...@welotec.com

2


jon.ma...@arm.com

2


alexis.loth...@bootlin.com

2


tvgamb...@gmail.com

1


thr...@amazon.de

1


thomas.per...@bootlin.com

1


naveen.kumar.sa...@intel.com

1


mathew.pro...@gmail.com

1


martin.ja...@gmail.com

1


mark.ha...@kernel.crashing.org

1


mark.asselst...@windriver.com

1


louis.ran...@syslinbit.com

1


johannes.schri...@blueye.no

1


jens.ge...@desy.de

1


geissona...@yahoo.com

1


frederic.martins...@gmail.com

1


frank.wo...@smile.fr

1


fawzi.kha...@smile.fr

1


fathi.bou...@linaro.org

1


anuj.mit...@intel.com

1


alexandre.bell...@bootlin.com

1


Grand Total

231

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

*Cell:(208) 244-4460

* Email:  sjolley.yp...@gmail.com
 

 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181895): 
https://lists.openembedded.org/g/openembedded-core/message/181895
Mute This Topic: https://lists.openembedded.org/mt/99210936/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Yocto Project Newcomer & Unassigned Bugs - Help Needed

[Stephen Jolley]

All,

 

The triage team is starting to try and collect up and classify bugs which a
newcomer to the project would be able to work on in a way which means people
can find them. They're being listed on the triage page under the appropriate
heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please
review:
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and
how to create a bugzilla account at:

https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work
on who doesn't have deep experience with the project.  If anyone can help,
please take ownership of the bug and send patches!  If anyone needs
help/advice there are people on irc who can likely do so, or some of the
more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs
reported into the Bugzilla. The number of people attending that meeting has
fallen, as have the number of people available to help fix bugs. One of the
things we hear users report is they don't know how to help. We (the triage
team) are therefore going to start reporting out the currently 429
unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out
with these.  Bugs are split into two types, "true bugs" where things don't
work as they should and "enhancements" which are features we'd want to add
to the system.  There are also roughly four different "priority" classes
right now,  "4.2", "4.3", "4.99" and "Future", the more pressing/urgent
issues being in "4.2" and then "4.3".

 

Please review this link and if a bug is something you would be able to help
with either take ownership of the bug, or send me (sjolley.yp...@gmail.com
 ) an e-mail with the bug number you would
like and I will assign it to you (please make sure you have a Bugzilla
account).  The list is at:
https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer
_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

*Cell:(208) 244-4460

* Email:  sjolley.yp...@gmail.com
 

 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181894): 
https://lists.openembedded.org/g/openembedded-core/message/181894
Mute This Topic: https://lists.openembedded.org/mt/99210770/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH 1/5] recipetool: create: npm: Remove duplicate function to not have future conflicts

[Steve Sakoman]

Forgot to reply all!

-- Forwarded message -
From: Steve Sakoman 
Date: Mon, May 29, 2023 at 12:58 PM
Subject: Re: [OE-core] [kirkstone][PATCH 1/5] recipetool: create: npm:
Remove duplicate function to not have future conflicts
To: 


On Mon, May 29, 2023 at 10:16 AM  wrote:
>
> Yes, the same issues are present in master branch.
>
> But this series of patches won't work on master, it needs some adaptation.

In that case you will also need to submit a modified series for master
(which will hopefully cherry-pick to mickledore)

At that point I can take the kirkstone version of the patch.  The
reason is that we don't want to have issues fixed in a stable branch
that aren't also fixed in master.

Thanks!

Steve

> Because in kirkstone we have Nodejs 16.19.1 and in master we have Nodejs 
> 18.16, and they generate shrinkwrap files that are slightly different.
>
> For Mickledore, I didn't test yet but I think that it will work like in the 
> master branch.
>
>  Note: these changes work only if my patch for bitbake is accepted: 
> https://lists.openembedded.org/g/bitbake-devel/topic/kirkstone_patch_fetch2/99163598?p=,,,20,0,0,0::recentpostdate/sticky,,,20,2,0,99163598,previd%3D1685367798112436212,nextid%3D1683629533018906083&previd=1685367798112436212&nextid=1683629533018906083
>
> Best regards,
> BELOUARGA Mohamed
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181893): 
https://lists.openembedded.org/g/openembedded-core/message/181893
Mute This Topic: https://lists.openembedded.org/mt/99163838/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH 1/5] recipetool: create: npm: Remove duplicate function to not have future conflicts

[belouargamohamed]

Yes, the same issues are present in master branch.

But this series of patches won't work on master, it needs some adaptation.

Because in kirkstone we have Nodejs 16.19.1 and in master we have Nodejs 18.16, 
and they generate shrinkwrap files that are slightly different.

For Mickledore, I didn't test yet but I think that it will work like in the 
master branch.

Note: these changes work only if my patch for bitbake is accepted: 
https://lists.openembedded.org/g/bitbake-devel/topic/kirkstone_patch_fetch2/99163598?p=,,,20,0,0,0::recentpostdate/sticky,,,20,2,0,99163598,previd%3D1685367798112436212,nextid%3D1683629533018906083&previd=1685367798112436212&nextid=1683629533018906083

Best regards,
BELOUARGA Mohamed

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181892): 
https://lists.openembedded.org/g/openembedded-core/message/181892
Mute This Topic: https://lists.openembedded.org/mt/99163838/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [mickledore 5/6] linux-yocto/5.15: update to v5.15.112

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

9d6bde853685 Linux 5.15.112
0788273bd0a6 drm/amd/display: Fix hang when skipping modeset
de9a3ed42333 RISC-V: Fix up a cherry-pick warning in setup_vm_final()
3c9b08a16978 drbd: correctly submit flush bio on barrier
d0bcf6caa280 serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
0b401c25 drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on 
load error
8beaa3cb293a ext4: fix invalid free tracking in ext4_xattr_move_to_block()
978e5e9111af ext4: remove a BUG_ON in ext4_mb_release_group_pa()
2b3b8f18c0dc ext4: bail out of ext4_xattr_ibody_get() fails for any reason
f22b274429e8 ext4: add bounds checking in get_max_inline_xattr_value_size()
640c8c365999 ext4: fix deadlock when converting an inline directory in 
nojournal mode
b2531936118d ext4: improve error handling from ext4_dirhash()
b2f1314e6e36 ext4: improve error recovery code paths in __ext4_remount()
5f7d66e5e557 ext4: check iomap type only if ext4_iomap_begin() does not fail
f5e687698c6d ext4: fix data races when using cached status extents
6d9a705a653e ext4: avoid a potential slab-out-of-bounds in 
ext4_group_desc_csum
d55e76e11592 ext4: fix WARNING in mb_find_extent
c5c385baee9b locking/rwsem: Add __always_inline annotation to 
__down_read_common() and inlined callers
ed76d3a8910b ksmbd: not allow guest user on multichannel
4f9baa066749 ksmbd: fix deadlock in ksmbd_find_crypto_ctx()
bc77a6e93306 ksmbd: fix racy issue while destroying session on multichannel
a89ff57e4da1 ksmbd: fix kernel oops from idr_remove()
876a7e3b58e3 ksmbd: add channel rwlock
05cbc9806ae8 ksmbd: replace sessions list in connection with xarray
f86a1a74d9a7 ksmbd: fix multi session connection failure
bb3b772f186c ksmbd: set RSS capable in FSCTL_QUERY_NETWORK_INTERFACE_INFO
2456e2889c77 wifi: rtw88: rtw8821c: Fix rfe_option field width
615aff165bda drm/amd/display: Add NULL plane_state check for cursor disable 
logic
c11b90aced1a drm/amd/display: Refine condition of cursor visibility for 
pipe-split
bf16debcda5c drm/msm/adreno: fix runtime PM imbalance at gpu load
bac00e57cd5e drm/msm: Remove struct_mutex usage
17eeeac92b47 drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 
319.89 MHz
6d5e6d5a70e2 drm/i915/dg2: Add additional HDMI pixel clock frequencies
06af228515d1 drm/i915/dg2: Support 4k@30 on HDMI
a63c6b1eed9a ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close()
aa803e6ecac7 ASoC: DPCM: Don't pick up BE without substream
44b685c4bab3 ASoC: soc-pcm: Move debugfs removal out of spinlock
0d5017dea0c6 ASoC: soc-compress: Inherit atomicity from DAI link for 
Compress FE
a536c367b0d8 ASoC: soc-pcm: Fix DPCM lockdep warning due to nested stream 
locks
e2e5b8c72998 fs/ntfs3: Refactoring of various minor issues
5047a228d4c8 HID: wacom: insert timestamp to packed Bluetooth (BT) events
db587340a004 HID: wacom: Set a default resolution for older tablets
823787470e32 drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled 
in suspend
b39ba90d69ee drm/amdgpu: Fix vram recover doesn't work after whole GPU 
reset (v2)
cd3c0f7013c3 drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when 
enabling legacy gfx ras
6d4b6abedd2d drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini()
db307e725d5b drm/amd/display: fix flickering caused by S/G mode
61b694b742fb drm/panel: otm8009a: Set backlight parent to panel device
8f57f3e112cf f2fs: fix potential corruption when moving a directory
e2d1cc82ad50 drm/msm: fix NULL-deref on irq uninstall
8f0e1ad5327a drm/msm: fix NULL-deref on snapshot tear down
74543041c03e drm/bridge: lt8912b: Fix DSI Video Mode
9d79ccd97199 ARM: dts: s5pv210: correct MIPI CSIS clock name
137259261cd0 ARM: dts: exynos: fix WM8960 clock name in Itop Elite
eb15fb94d44a remoteproc: imx_rproc: Call of_node_put() on iteration error
de26e064ed9e remoteproc: st: Call of_node_put() on iteration error
8915e44eb3fb remoteproc: stm32: Call of_node_put() on iteration error
975b80702f0e sh: nmi_debug: fix return value of __setup handler
66dbc361214d sh: init: use OF_EARLY_FLATTREE for early init
bb870c4b73d2 sh: mcount.S: fix build error when PRINTK is not enabled
be95f9ebaf10 sh: math-emu: fix macro redefined warning
9fdf3666e3f1 SMB3: force unmount was failing to close deferred close files
c3a0ae5259ea smb3: fix problem remounting a share after shutdown
17ad86d8c122 inotify: Avoid reporting event with invalid wd
e51cd74e32d2 platform/x86: touchscreen_dmi: Add info for the Dexp Ursus 
KX210i
21de866f75de platform/x86: touchscreen_dmi: Add upside-down quirk for 
GDIX1002 ts on the Juno Tablet
5af78b437cd3 cifs: release leases for deferred close handles when freezing
f43b55

[OE-core] [mickledore 6/6] linux-yocto/5.15: update to v5.15.113

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

1fe619a7d252 Linux 5.15.113
7de20a23e52a HID: wacom: add three styli to wacom_intuos_get_tool_type
25b835d40838 HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
a540aabefa9b HID: wacom: Force pen out of prox if no events have been 
received in a while
b4c7b54b83f6 s390/qdio: fix do_sqbs() inline assembly constraint
b8427b8522d9 nilfs2: fix use-after-free bug of nilfs_root in 
nilfs_evict_inode()
cafdd9cefc5b powerpc/64s/radix: Fix soft dirty tracking
fe59dd824fad tpm/tpm_tis: Disable interrupts for more Lenovo devices
b9eb4491f0c9 powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV 
device
317ee8c54faa ceph: force updating the msg pointer in non-split case
e3d1adcad5b7 vc_screen: reload load of struct vc_data pointer in 
vcs_write() to avoid UAF
03e39ec73941 thunderbolt: Clear registers properly when auto clear isn't in 
use
742ed5bb683e serial: qcom-geni: fix enabling deactivated interrupt
6960267e7d0b serial: 8250_exar: Add support for USR298x PCI Modems
7d8873ecbd3c serial: Add support for Advantech PCI-1611U card
51d90382d241 statfs: enforce statfs[64] structure initialization
865be1cff2c0 ksmbd: fix global-out-of-bounds in smb2_find_context_vals
7657321b2624 ksmbd: fix wrong UserName check in session_user
61e043326e72 ksmbd: allocate one more byte for implied bcc[0]
1c2461b41f30 ksmbd: smb2: Allow messages padded to 8byte boundary
49f47945386e SMB3: drop reference to cfile before sending oplock break
653d30a1512c SMB3: Close all deferred handles of inode in case of handle 
lease break
972a33e6cc76 can: kvaser_pciefd: Disable interrupts in probe error path
143623940a03 can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
c724a6edc1c6 can: kvaser_pciefd: Clear listen-only bit if not explicitly 
requested
f04628305cac can: kvaser_pciefd: Empty SRB buffer in probe
da711a8af0fa can: kvaser_pciefd: Call request_irq() before enabling 
interrupts
4857ccfbe283 can: kvaser_pciefd: Set CAN_STATE_STOPPED in 
kvaser_pciefd_stop()
9ac2448c24a9 can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag
a17cf315f246 can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag
83af0876040b ALSA: hda/realtek: Add quirk for 2nd ASUS GU603
cc1924ab21d7 ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
3a32c5149461 ALSA: hda/realtek: Add quirk for Clevo L140AU
059a18e95e06 ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
e8c7d7c43d5e ALSA: hda: Fix Oops by 9.1 surround channel names
831a1ffb0a93 xhci: Fix incorrect tracking of free space on transfer rings
4c5c4870694b xhci-pci: Only run d3cold avoidance quirk for s2idle
fc0e18f95c88 usb: typec: altmodes/displayport: fix pin_assignment_show
0ed9257a8ab9 usb: gadget: u_ether: Fix host MAC address case
c51a131cacf4 usb: dwc3: debugfs: Resume dwc3 before accessing registers
720be29c7d1c USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit 
value
2ef3ecff0907 usb-storage: fix deadlock when a scsi command timeouts more 
than once
3b43d9df27a7 USB: usbtmc: Fix direction for 0-length ioctl control messages
15d744133218 ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
62499cf3ddd7 bridge: always declare tunnel functions
ec5caa765f7f netfilter: nft_set_rbtree: fix null deref on element insertion
b0cc763806c0 netfilter: nf_tables: fix nft_trans type confusion
addaba68018b vlan: fix a potential uninit-value in 
vlan_dev_hard_start_xmit()
3a0450d38a3e igb: fix bit_shift to be in [1..8] range
c15c3bb90c9a net: dsa: mv88e6xxx: Fix mv88e6393x EPC write command offset
234e744d86bd cassini: Fix a memory leak in the error handling path of 
cas_init_one()
76a7cd047b3a scsi: storvsc: Don't pass unused PFNs to Hyper-V host
05ad5a4d421c wifi: iwlwifi: mvm: don't trust firmware n_channels
d66490c29364 wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
fce7d92a8990 wifi: mac80211: fix min center freq offset tracing
fd8bc0f581af net: bcmgenet: Restore phy_stop() depending upon suspend/close
99c5acfd1f6a net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
ed1283c46d90 s390/cio: include subchannels without devices also for 
evaluation
673cb4798921 tipc: check the bearer min mtu properly when setting it by 
netlink
575e84d90a74 tipc: do not update mtu if msg_max is too small in mtu 
negotiation
5cf99d5f656a tipc: add tipc_bearer_min_mtu to calculate min mtu
6a7690f2bd17 virtio_net: Fix error unwinding of XDP initialization
18c0bd6888b3 virtio-net: Maintain reverse cleanup order
cdd8160dcda1 net: nsh: Use correct mac_offset to unwind gso skb in 
nsh_gso_segment()
f51d15d9bc41 drm/exynos: fix g2d_open/close helper function definitions
45a158a212d9 SUNRPC: Fix trace_svc_register() 

[OE-core] [mickledore 4/6] linux-yocto/5.15: update to v5.15.111

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

b0ece631f84a Linux 5.15.111
0a008c5098d8 sched: Fix DEBUG && !SCHEDSTATS warn
21c2a454486d netfilter: nf_tables: deactivate anonymous set from 
preparation phase
aa6ff950f875 arm64: dts: qcom: sdm845: correct dynamic power coefficients - 
again
2931ed45bfe3 sound/oss/dmasound: fix 'dmasound_setup' defined but not used
503e554782c9 debugobject: Ensure pool refill (again)
6b84832966a0 perf intel-pt: Fix CYC timestamps after standalone CBR
06106efa20f7 perf auxtrace: Fix address filter entire kernel size
11c6fb35df5c dm: don't lock fs when the map is NULL in process of resume
e11765cea205 dm ioctl: fix nested locking in table_clear() to remove 
deadlock concern
f76fcb9d43ec dm flakey: fix a crash with invalid table line
a5d8c6bf58e5 dm integrity: call kmem_cache_destroy() in dm_integrity_init() 
error path
56e952ae6d89 dm clone: call kmem_cache_destroy() in dm_clone_init() error 
path
f382705d0460 dm verity: fix error handling for check_at_most_once on FEC
1821a33bb23e ia64: fix an addr to taddr in huge_pte_offset()
3a57c70e9e92 s390/dasd: fix hanging blockdevice after request requeue
ed7e8beb201b btrfs: scrub: reject unsupported scrub flags
14383698c0de scripts/gdb: fix lx-timerlist for Python3
33383fbe4f01 clk: rockchip: rk3399: allow clk_cifout to force 
clk_cifout_src to reparent
e8353dea7d7d wifi: rtl8xxxu: RTL8192EU always needs full init
384a0dcac2a6 mailbox: zynqmp: Fix typo in IPI documentation
09206edff007 mailbox: zynqmp: Fix IPI isr handling
6d1af517817a mtd: core: fix error path for nvmem provider
8444b46e163a mtd: core: fix nvmem error reporting
7c253e98685e mtd: core: provide unique name for nvmem device, take two
68695084077e md/raid10: fix null-ptr-deref in raid10_sync_request
8d07d9119642 nilfs2: fix infinite loop in nilfs_mdt_get_block()
13f73ef77baa nilfs2: do not write dirty data after degenerating to read-only
ab0748f246b7 ALSA: usb-audio: Add quirk for Pioneer DDJ-800
a87e5b9b4c64 parisc: Fix argument pointer in real64_call_asm()
f1b4681cfa0a afs: Fix updating of i_size with dv jump from server
33f302c9bf3e mfd: tqmx86: Correct board names for TQMxE39x
ce01b75447f6 mfd: tqmx86: Specify IO port register range more precisely
a23b3b2be0d0 mfd: tqmx86: Do not access I2C_DETECT register through io_base
388d2578c7d7 thermal/drivers/mediatek: Use devm_of_iomap to avoid resource 
leak in mtk_thermal_probe
bdcf9fec87b2 dmaengine: at_xdmac: do not enable all cyclic channels
a5227b3be869 dmaengine: at_xdmac: Fix race for the tx desc callback
2b68028d771a dmaengine: at_xdmac: Fix concurrency over chan's 
completed_cookie
738a4fdbd157 dmaengine: dw-edma: Fix to enable to issue dma request on DMA 
processing
fd6316dec20f dmaengine: dw-edma: Fix to change for continuous transfer
dd23c11136ff dma: gpi: remove spurious unlock in gpi_ch_init
dce3bdaee3f2 phy: tegra: xusb: Add missing tegra_xusb_port_unregister for 
usb2_port and ulpi_port
1cccf7c5c7f5 pwm: mtk-disp: Configure double buffering before reading in 
.get_state()
d2798512fafc pwm: mtk-disp: Disable shadow registers before setting 
backlight values
8ffa1cb8bcfa leds: tca6507: Fix error handling of using 
fwnode_property_read_string
e63e3a0fc062 dmaengine: mv_xor_v2: Fix an error code.
332ca024a82e leds: TI_LMU_COMMON: select REGMAP instead of depending on it
c904a070d7cd pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux 
configuration
40566def189c ext4: fix use-after-free read in ext4_find_extent for bigalloc 
+ inline
18eb23891aea ext4: fix i_disksize exceeding i_size problem in paritally 
written case
3dc3a86b88bd SMB3: Close deferred file handles in case of handle lease break
0f87e18203bd SMB3: Add missing locks to protect deferred close file list
b574e73db844 timekeeping: Fix references to nonexistent ktime_get_fast_ns()
ccfede0a2cb1 openrisc: Properly store r31 to pt_regs on unhandled exceptions
1c7456aa5d3a clocksource/drivers/davinci: Fix memory leak in 
davinci_timer_register when init fails
c87c6d50505b RDMA/mlx5: Use correct device num_ports when modify DC
d2823237dabc SUNRPC: remove the maximum number of retries in 
call_bind_status
c11e44ac1a71 RDMA/mlx5: Fix flow counter query via DEVX
7acad58049ac Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
b6157a9f0fc7 clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
33f9b8de1b00 clk: qcom: regmap: add PHY clock source implementation
0ccc1a6bac34 NFSv4.1: Always send a RECLAIM_COMPLETE after establishing 
lease
a2bd706ab635 IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA 
requests
6bbc49661c31 IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
00cc21e32ea1 RDMA/srpt: Add a check for v

[OE-core] [mickledore 3/6] linux-yocto/5.15: update to v5.15.110

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

8a7f2a5c5aa1 Linux 5.15.110
cab0f985037b riscv: No need to relocate the dtb as it lies in the fixmap 
region
1f09c9bab723 riscv: Do not set initial_boot_params to the linear address of 
the dtb
bbf94b042155 riscv: Move early dtb mapping into the fixmap region
ccb29694c2da selftests: mptcp: join: fix "invalid address, ADD_ADDR timeout"
0994aa001fde driver core: Don't require dynamic_debug for initcall_debug 
probe timing
3dcebcaa258c USB: serial: option: add UNISOC vendor and TOZED LT70C product
f1e6a14d5ae8 bluetooth: Perform careful capability checks in 
hci_sock_ioctl()
39c472809aab drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
936a23293bbb wifi: brcmfmac: slab-out-of-bounds read in 
brcmf_get_assoc_ies()
2bd716c6e4d1 KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg()
00f74003edf5 KVM: arm64: Retry fault if vma_lookup() results become invalid
c1da649699e1 selftests/kselftest/runner/run_one(): allow running 
non-executable files
c88435054153 PCI/ASPM: Remove pcie_aspm_pm_state_change()

Signed-off-by: Bruce Ashfield 
---
 .../linux/linux-yocto-rt_5.15.bb  |  4 ++--
 .../linux/linux-yocto-tiny_5.15.bb|  4 ++--
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 24 +--
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index c3c9ed8967..731a871e11 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to 
linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "63a865cbbc8ab351f44582a4fcf2999c7681cfd8"
+SRCREV_machine ?= "91c85a978457d009bb57ec0a0867afe4ff7c8278"
 SRCREV_meta ?= "8ce5ee0184fb213962a82ca5ee8c74851452e260"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https
 \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "5.15.109"
+LINUX_VERSION ?= "5.15.110"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index ae2604ab70..6ded419a02 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.15.109"
+LINUX_VERSION ?= "5.15.110"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,7 +14,7 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "7d734295a38a5fc03fb29fb90bb64e38708e2308"
+SRCREV_machine ?= "37cc630d5574860de0b48e67fca03d8cb7d2a260"
 SRCREV_meta ?= "8ce5ee0184fb213962a82ca5ee8c74851452e260"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index d30b12d557..e702fbcf71 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -13,16 +13,16 @@ KBRANCH:qemux86  ?= "v5.15/standard/base"
 KBRANCH:qemux86-64 ?= "v5.15/standard/base"
 KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "8ac50c616d30bffb2540f2dd7bfe8ea66d737bfe"
-SRCREV_machine:qemuarm64 ?= "470798ad34773e9e60e08ba80a8b7e6c4cf65c94"
-SRCREV_machine:qemumips ?= "9dcb3aaf2e30172cfb33b13d50bae621cd449f5b"
-SRCREV_machine:qemuppc ?= "faaa6b1dd4c1bf3550efa07e788f6849729e9d7b"
-SRCREV_machine:qemuriscv64 ?= "b8a4501ad3a651d576df481df20bf20fd3e969df"
-SRCREV_machine:qemuriscv32 ?= "b8a4501ad3a651d576df481df20bf20fd3e969df"
-SRCREV_machine:qemux86 ?= "b8a4501ad3a651d576df481df20bf20fd3e969df"
-SRCREV_machine:qemux86-64 ?= "b8a4501ad3a651d576df481df20bf20fd3e969df"
-SRCREV_machine:qemumips64 ?= "a41a7b13730b656588ac38cf0f1af6f9f255e112"
-SRCREV_machine ?= "b8a4501ad3a651d576df481df20bf20fd3e969df"
+SRCREV_machine:qemuarm ?= "c9c4163f1d7a05a8a9e74f519ec7acc54259f53b"
+SRCREV_machine:qemuarm64 ?= "1cbfaca7888ffe8f6ce58987080a86b48161ce44"
+SRCREV_machine:qemumips ?= "9d83787163c68c2390136915fcfbf3e781d56874"
+SRCREV_machine:qemuppc ?= "a6d06d797ba2ae6c391898a42fced6c3eb71aad0"
+SRCREV_machine:qemuriscv64 ?= "4399f7dbd01bd141ad6033438eb818820322ef13"
+SRCREV_machine:qemuriscv32 ?= "4399f7dbd01bd141ad6033438eb818820322ef13"
+SRCREV_machine:qemux86 ?= "4399f7dbd01bd141ad6033438eb818820322ef13"
+SRCREV_machine:qemux86-64 ?= "4399f7

[OE-core] [mickledore 2/6] linux-yocto/5.15: update to v5.15.109

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

f48aeeaaa64c Linux 5.15.109
4aed6b5809bb soc: sifive: l2_cache: fix missing of_node_put() in 
sifive_l2_init()
71e7ed6e3aa9 soc: sifive: l2_cache: fix missing free_irq() in error path in 
sifive_l2_init()
48c5fd373345 soc: sifive: l2_cache: fix missing iounmap() in error path in 
sifive_l2_init()
2a2a502af466 ASN.1: Fix check for strdup() success
9fc2e7f2cf47 ASoC: fsl_asrc_dma: fix potential null-ptr-deref
0431e1323f42 mm/page_alloc: fix potential deadlock on zonelist_update_seq 
seqlock
144ff55623e2 iio: adc: at91-sama5d2_adc: fix an error code in 
at91_adc_allocate_trigger()
e589986ef037 counter: 104-quad-8: Fix race condition between FLAG and CNTR 
reads
78559037632b pwm: hibvt: Explicitly set .polarity in .get_state()
2147e7c2d26f pwm: iqs620a: Explicitly set .polarity in .get_state()
a2ab4924f0c8 pwm: meson: Explicitly set .polarity in .get_state()
dbc7a6d1ec8e sctp: Call inet6_destroy_sock() via sk->sk_destruct().
4f66b180a622 dccp: Call inet6_destroy_sock() via sk->sk_destruct().
b60d534d1e70 inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
dd042131386f tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
dabbe97f369b udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
d58366aab868 fuse: fix deadlock between atomic O_TRUNC and page invalidation
e21d9c606839 fuse: always revalidate rename target dentry
c10a5b340681 fuse: fix attr version comparison in fuse_read_update_size()
1e5c686087dc purgatory: fix disabling debug info
a134b2ac4127 docs: futex: Fix kernel-doc references after code split-up 
preparation
66dd55279174 MIPS: Define RUNTIME_DISCARD_EXIT in LD script
e779884c713f sched/fair: Fixes for capacity inversion detection
4ee882e0e1ed sched/uclamp: Fix a uninitialized variable warnings
98762616db0b sched/fair: Consider capacity inversion in util_fits_cpu()
99b704ae7a17 sched/fair: Detect capacity inversion
1de6ee9d812c sched/uclamp: Cater for uclamp in 
find_energy_efficient_cpu()'s early exit condition
a77e3c0e067d sched/uclamp: Make cpu_overutilized() use util_fits_cpu()
ac407e5102e9 sched/uclamp: Fix fits_capacity() check in feec()
46c631fe5a94 mm: page_alloc: skip regions with hugetlbfs pages when 
allocating 1G pages
981e276dd965 mm/khugepaged: check again on anon uffd-wp during isolation
29562319cba0 drm/i915: Fix fast wake AUX sync len
afbfd70cb1a0 mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
1aaa1e0a9a0f kernel/sys.c: fix and improve control flow in 
__sys_setres[ug]id()
ebab1a86ca3e memstick: fix memory leak if card device is never registered
8c168553abce nilfs2: initialize unused bytes in segment summary blocks
e513fb5cadc4 iio: light: tsl2772: fix reading proximity-diodes from device 
tree
c15737965434 rtmutex: Add acquire semantics for rtmutex lock acquisition 
slow path
a8466e335f58 platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE
4a2a34a75f3e xen/netback: use same error messages for same errors
08e774db2ef1 nvme-tcp: fix a possible UAF when failing to allocate an io 
queue
1b91bfae3ee1 s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
357fa038d93d net: dsa: b53: mmap: add phy ops
583d2abf1374 scsi: core: Improve scsi_vpd_inquiry() checks
139bea1d3aa1 scsi: megaraid_sas: Fix fw_crash_buffer_show()
73890c48849d selftests: sigaltstack: fix -Wuninitialized
c2680efa1507 platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2
fd3e899340e1 Input: i8042 - add quirk for Fujitsu Lifebook A574/H
14bb1fb893db f2fs: Fix f2fs_truncate_partial_nodes ftrace event
0ebc93afdaf6 e1000e: Disable TSO on i219-LM card to increase speed
e722ea6dae2c bpf: Fix incorrect verifier pruning due to missing register 
precision taints
25e50cdf9f63 spi: spi-rockchip: Fix missing unwind goto in 
rockchip_sfc_probe()
cbce626dcd23 mlxsw: pci: Fix possible crash during initialization
4eee0d9d3c11 net: rpl: fix rpl header size calculation
92e0bc5e34ad bonding: Fix memory leak when changing bond type to Ethernet
b24026f1409c mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
5610d81d0214 bnxt_en: Do not initialize PTP on older P3/P4 chips
7ff875ee15bc netfilter: nf_tables: tighten netlink attribute requirements 
for catch-all elements
0a397535d189 netfilter: nf_tables: validate catch-all set elements
25f1b40cf9b2 i40e: fix i40e_setup_misc_vector() error handling
536ed39cbec8 i40e: fix accessing vsi->active_filters without holding lock
8089d724dd7a netfilter: nf_tables: fix ifdef to also consider nf_tables=m
69ea11769b8d sfc: Fix use-after-free due to selftest_work
aa16f7b99d23 sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP.
b36d82ddc74e virtio_net: bugfix overflow inside xdp_linea

[OE-core] [mickledore 1/6] yocto-bsps: update to v5.15.106

[Bruce Ashfield]

From: Bruce Ashfield 

Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:

d86dfc4d95cd Linux 5.15.106
06a948b8347c x86/PVH: avoid 32-bit build warning when obtaining VGA console 
info
3abdf6d71fdb hsr: ratelimit only when errors are printed
fcc09ef87e79 libbpf: Fix btf_dump's packed struct determination
74059587b25d selftests/bpf: Add few corner cases to test padding handling 
of btf_dump
c74ae8678dfa libbpf: Fix BTF-to-C converter's padding logic
17a61d1e9431 selftests/bpf: Test btf dump for struct with padding only 
fields
6777291c7b14 zonefs: Fix error message in zonefs_file_dio_append()
71ab5c1d506d KVM: x86: Purge "highest ISR" cache when updating APICv state
61e0863dc8dd KVM: x86: Inject #GP on x2APIC WRMSR that sets reserved bits 
63:32
4483dc41d123 KVM: VMX: Move preemption timer <=> hrtimer dance to common x86
a58d4e66712b s390/uaccess: add missing earlyclobber annotations to 
__clear_user()
1dfccde646aa KVM: arm64: Disable interrupts while walking userspace PTs
25e74e728168 drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub
3bfedfdbf92b drm/etnaviv: fix reference leak when mmaping imported buffer
fd1f48613e9f rcu: Fix rcu_torture_read ftrace event
9097ba15ea5c xtensa: fix KASAN report for show_stack
8861429f883e ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z
77ab3e5f9873 ALSA: hda/realtek: Add quirks for some Clevo laptops
f775413ffeff ALSA: usb-audio: Fix regression on detection of Roland VS-100
b39d42ed67d5 ALSA: hda/conexant: Partial revert of a quirk for Lenovo
305a171cf617 NFSv4: Fix hangs when recovering open state after a server 
reboot
7624973bc15b powerpc: Don't try to copy PPR for task with NULL pt_regs
3a9510113f5b pinctrl: at91-pio4: fix domain name assignment
6c1bc7b50e02 pinctrl: amd: Disable and mask interrupts on resume
45ed4e5149e8 net: phy: dp83869: fix default value for tx-/rx-internal-delay
0f75ef136169 xen/netback: don't do grant copy across page boundary
8a581b71cf68 can: j1939: prevent deadlock by moving j1939_sk_errqueue()
a3373a681d9a zonefs: Always invalidate last cached page on append write
c1310fc7abe6 btrfs: scan device in non-exclusive mode
c976f9233ef9 btrfs: fix race between quota disable and quota assign ioctls
1484852ca152 Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report 
DMI table
b64305185b76 cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
0a2e0baf3677 cifs: prevent infinite recursion in CIFSGetDFSRefer()
a5075c097de1 Input: focaltech - use explicitly signed char type
cf43bc826159 Input: alps - fix compatibility with -funsigned-char
16c951f3eba4 iommu/vt-d: Allow zero SAGAW if second-stage not supported
e4fbeaa31362 pinctrl: ocelot: Fix alt mode for ocelot
76f09582a191 net: ethernet: mtk_eth_soc: fix flow block refcounting logic
9caf3cbf1224 net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
4c6c0e8510a2 bnxt_en: Add missing 200G link speed reporting
c519174366a3 bnxt_en: Fix typo in PCI id to device description string 
mapping
24722a0e0925 bnxt_en: Fix reporting of test result in ethtool selftest
3e3654bf679f i40e: fix registers dump after run ethtool adapter self test
8d7b0b22ea22 net: ipa: compute DMA pool size properly
81d2a7e93c83 ALSA: ymfpci: Fix BUG_ON in probe function
95642872c466 ALSA: ymfpci: Create card with device-managed 
snd_devm_card_new()
9cb4f23e4f7a ice: fix invalid check for empty list in 
ice_sched_assoc_vsi_to_agg()
938eba5b434d ice: add profile conflict check for AVF FDIR
0ea60b230d19 smsc911x: avoid PHY being resumed when interface is not up
41f77a6d9841 net: mvpp2: parser fix PPPoE
ec117d22f143 net: mvpp2: parser fix QinQ
18d6e95fbb08 net: mvpp2: classifier flow fix fragmentation flags
aa45d3dd74e9 loop: LOOP_CONFIGURE: send uevents for partitions
83ee49ab185d loop: suppress uevents while reconfiguring the device
aa2bff25e9bb s390/vfio-ap: fix memory leak in vfio_ap device driver
bf70e0eab64c can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
959348f7c300 platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix
c8e7ff3071bf drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state
61e2e6d444cd net: stmmac: don't reject VLANs when IFF_PROMISC is set
2d5cebf57296 net/net_failover: fix txq exceeding warning
829a0d013c00 regulator: Handle deferred clk
75155f4d8dcd r8169: fix RTL8168H and RTL8107E rx crc error
4597e104a365 net: dsa: microchip: ksz8863_smi: fix bulk access
c0de1a26e659 ptp_qoriq: fix memory leak in probe()
d84796008a89 scsi: mpt3sas: Don't print sense pool info twice
27b1ae000bf1 scsi: megaraid_sas: Fix crash after a double completion
d63a83146d25 sfc: ef10: don't overwrite offload features at NIC reset
7ea88e90dabb SUNRPC: fix sh

[OE-core] [kirkstone 5/5] linux-yocto/5.10: update to v5.10.180

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

4c893ff55907 Linux 5.10.180
3ebe5d6d69ce drm/amd/display: Fix hang when skipping modeset
a992c387b411 mm/page_alloc: fix potential deadlock on zonelist_update_seq 
seqlock
f2656f437fb1 drm/exynos: move to use request_irq by IRQF_NO_AUTOEN flag
32232bcd4e53 printk: declare printk_deferred_{enter,safe}() in 
include/linux/printk.h
fcfe05990a5c KVM: x86: move guest_pv_has out of user_access section
85cfbaa575ea KVM: x86: do not report preemption if the steal time cache is 
stale
4bffae22bec7 KVM: x86: revalidate steal time cache if MSR value changes
e10a73f53809 KVM: x86: do not set st->preempted when going back to user 
space
029662004359 KVM: x86: Remove obsolete disabling of page faults in 
kvm_arch_vcpu_put()
8e39c2f407af KVM: Fix steal time asm constraints
ebd3010d42ba KVM: x86: Fix recording of guest steal time / preempted status
4b19cbdb1dd3 KVM: x86: Ensure PV TLB flush tracepoint reflects KVM behavior
01c0002ec7bd drbd: correctly submit flush bio on barrier
ef77d602e306 serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
1a8822343e67 ext4: fix invalid free tracking in ext4_xattr_move_to_block()
b0fc279de4bf ext4: remove a BUG_ON in ext4_mb_release_group_pa()
d88fe8e61126 ext4: bail out of ext4_xattr_ibody_get() fails for any reason
4597554b4f7b ext4: add bounds checking in get_max_inline_xattr_value_size()
5f8b55136ad7 ext4: fix deadlock when converting an inline directory in 
nojournal mode
37c69da3adc4 ext4: improve error recovery code paths in __ext4_remount()
08838aeefa6f ext4: check iomap type only if ext4_iomap_begin() does not fail
4aa7f744fa37 ext4: fix data races when using cached status extents
0dde3141c527 ext4: avoid a potential slab-out-of-bounds in 
ext4_group_desc_csum
5d356d902e9d ext4: fix WARNING in mb_find_extent
529f41f0eb1e KVM: x86: do not report a vCPU as preempted outside 
instruction boundaries
0cb6e9e7d3f1 KVM: x86: hyper-v: Avoid calling kvm_make_vcpus_request_mask() 
with vcpu_mask==NULL
4502ebbdc0e2 HID: wacom: insert timestamp to packed Bluetooth (BT) events
77fd800d3f1b HID: wacom: Set a default resolution for older tablets
c1420276be7a drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled 
in suspend
20ca90ceda71 drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when 
enabling legacy gfx ras
eed63477ae06 drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini()
c85327c1e93c drm/panel: otm8009a: Set backlight parent to panel device
957904f531fd f2fs: fix potential corruption when moving a directory
4a638a958230 ARM: dts: s5pv210: correct MIPI CSIS clock name
fed6318e4722 ARM: dts: exynos: fix WM8960 clock name in Itop Elite
777952ce1187 remoteproc: st: Call of_node_put() on iteration error
30e0834becd8 remoteproc: stm32: Call of_node_put() on iteration error
62fe5d74ef7f sh: nmi_debug: fix return value of __setup handler
9245f34029b7 sh: init: use OF_EARLY_FLATTREE for early init
f19bc0d2a68c sh: mcount.S: fix build error when PRINTK is not enabled
bbad64abd610 sh: math-emu: fix macro redefined warning
2d65c9e5 inotify: Avoid reporting event with invalid wd
73aef14407de platform/x86: touchscreen_dmi: Add info for the Dexp Ursus 
KX210i
4b87eec73e47 platform/x86: touchscreen_dmi: Add upside-down quirk for 
GDIX1002 ts on the Juno Tablet
8c2cdb7326f0 cifs: fix pcchunk length type in smb2_copychunk_range
829c20fd7a7b btrfs: print-tree: parent bytenr must be aligned to sector size
148b16cd30b2 btrfs: don't free qgroup space unless specified
08fa23adbdcc btrfs: fix btrfs_prev_leaf() to not return the same key twice
7a4db11f00f3 perf symbols: Fix return incorrect build_id size in 
elf_read_build_id()
87a1fa0ad74e crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs()
be3517ae6b80 perf map: Delete two variable initialisations before null 
pointer checks in sort__sym_from_cmp()
604b650fb574 perf pmu: zfree() expects a pointer to a pointer to zero it 
after freeing its contents
1ebd0dfb271e perf vendor events power9: Remove UTF-8 characters from JSON 
files
796616f216d0 net: enetc: check the index of the SFI rather than the handle
b6b15de5129e virtio_net: suppress cpu stall when free_unused_bufs
c043714ef230 virtio_net: split free_unused_bufs()
0773270b1314 net: dsa: mt7530: fix corrupt frames using trgmii on 40 MHz 
XTAL MT7621
0f1ad0ef60cc ALSA: caiaq: input: Add error handling for unsupported input 
methods in `snd_usb_caiaq_input_init`
7f497a9451d7 drm/amdgpu: add a missing lock for AMDGPU_SCHED
f00ef2618fa1 af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
02359ba526ce ionic: remove noise from ethtool rxnfc error msg
3605b3318483 octeontx2-vf: Detach LF resources on probe cleanup
e

[OE-core] [kirkstone 3/5] linux-yocto/5.10: update to v5.10.178

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

791a854ae5a5 Linux 5.10.178
f177b382c339 sysctl: Fix data-races in proc_dou8vec_minmax().
56314b90fd43 panic, kexec: make __crash_kexec() NMI safe
d425f348211f kexec: turn all kexec_mutex acquisitions into trylocks
784b6ba15eb2 kexec: move locking into do_kexec_load
0b077b22ea9f riscv: Handle zicsr/zifencei issues between clang and binutils
c36a25101179 kbuild: check CONFIG_AS_IS_LLVM instead of LLVM_IAS
d5f67f6d4ec4 kbuild: Switch to 'f' variants of integrated assembler flag
83f55e6f298e kbuild: check the minimum assembler version in Kconfig
6facabb4d069 coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
7b78445bce52 watchdog: sbsa_wdog: Make sure the timeout programming is 
within the limits
10b7a33c5de3 i2c: ocores: generate stop condition after timeout in polling 
mode
b4210b10dc7e x86/rtc: Remove __init for runtime functions
ba4a2f6d99fc sched/fair: Fix imbalance overflow
68387ae3b63e sched/fair: Move calculate of avg_load to a better location
ccbec01cc99c powerpc/papr_scm: Update the NUMA distance table for the 
target node
453b3188be89 powerpc/pseries: Add support for FORM2 associativity
498618e0a1e7 powerpc/pseries: Add a helper for form1 cpu distance
18ce785effd9 powerpc/pseries: Consolidate different NUMA distance update 
code paths
f2ae0eb96bfb powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY
f6d8a3a2eaab powerpc/pseries: rename min_common_depth to 
primary_domain_index
5abf8af8df97 ubi: Fix deadlock caused by recursively holding work_sem
33611d4a8181 mtd: ubi: wl: Fix a couple of kernel-doc issues
0279e82e1484 ubi: Fix failure attaching when vid_hdr offset equals to 
(sub)page size
37a3cf4abc5a cgroup/cpuset: Wake up cpuset_attach_wq tasks in 
cpuset_cancel_attach()
10bda0ec3160 x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X 
state in D3hot
176d7345b89c scsi: ses: Handle enclosure with just a primary component 
gracefully
cf22c98bcbf8 net: sfp: initialize sfp->i2c_block_size at sfp allocation
2a4835b8ede0 riscv: add icache flush for nommu sigreturn trampoline
c76e79e526cd asymmetric_keys: log on fatal failures in PE/pkcs7
5de2e1f5e26f verify_pefile: relax wrapper length check
e4b9f0bf91a3 drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book 
X90F
9f0ee9ed54e1 efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
e1f80b4dfad9 i2c: imx-lpi2c: clean rx/tx buffers upon new message
81c30f89b9c3 wifi: mwifiex: mark OF related data as maybe unused
ab39582f3081 power: supply: cros_usbpd: reclassify "default case!" as debug
6de0d0699f5c libbpf: Fix single-line struct definition output in btf_dump
1bec9da233f7 net: macb: fix a memory corruption in extended buffer 
descriptor mode
7d8c844b337d udp6: fix potential access to stale information
d1b9b3191697 RDMA/core: Fix GID entry ref leak when create_ah fails
79b28f42214a sctp: fix a potential overflow in sctp_ifwdtsn_skip
3814d211ff13 net: qrtr: Fix an uninit variable access bug in 
qrtr_tx_resume()
dad92d8ada07 qlcnic: check pci_reset_function result
4a519731ece8 drm/armada: Fix a potential double free in an error handling 
path
a069d4d98cd2 tcp: restrict net.ipv4.tcp_app_win
cc9f9a49f5b3 tcp: convert elligible sysctls to u8
f662a0786dfd ipv4: shrink netns_ipv4 with sysctl conversions
389dab6142d7 sysctl: add proc_dou8vec_minmax()
8a1fdb35459d niu: Fix missing unwind goto in niu_alloc_channels()
9266e939d762 9p/xen : Fix use after free bug in xen_9pfs_front_remove due 
to race condition
ae1149885142 RDMA/cma: Allow UD qp_type to join multicast only
5e567fd29611 IB/mlx5: Add support for 400G_8X lane speed
a1d2fb5d13c9 IB/mlx5: Add support for NDR link speed
8a886f01b85d clk: sprd: set max_register according to mapping range
6e2845284b12 mtd: rawnand: stm32_fmc2: use timings.mode instead of checking 
tRC_min
9e946e4e8c3d mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
6b0e71919264 mtd: rawnand: meson: fix bitmask for length in command word
441e57ff87c2 mtdblock: tolerate corrected bit-flips
0d07ea8d385c fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
5635e6940656 btrfs: fix fast csum implementation detection
3576e08f19dc btrfs: print checksum type and implementation at mount time
f7ec5ca433ce Bluetooth: Fix race condition in hidp_session_thread
d9ba36c22a7b Bluetooth: L2CAP: Fix use-after-free in 
l2cap_disconnect_{req,rsp}
8533fe864574 ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
8f6a20a4f4ce ALSA: firewire-tascam: add missing unwind goto in 
snd_tscm_stream_start_duplex()
69108a8a45c6 ALSA: i2c/cs8427: fix iec958 mixer control deactivation
e63a515d11de ALSA: hda/sigmatel: add pin overrides for Intel DP45SG 
motherboard
   

[OE-core] [kirkstone 4/5] linux-yocto/5.10: update to v5.10.179

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

f1b32fda06d2 Linux 5.10.179
0367bf3f4a4e ASN.1: Fix check for strdup() success
4ab5f8f9d026 ASoC: fsl_asrc_dma: fix potential null-ptr-deref
42604b4ad5f3 iio: adc: at91-sama5d2_adc: fix an error code in 
at91_adc_allocate_trigger()
155b2586de3f pwm: hibvt: Explicitly set .polarity in .get_state()
1c3a1211370d pwm: iqs620a: Explicitly set .polarity in .get_state()
b28079807de2 pwm: meson: Explicitly set .polarity in .get_state()
f69112de70a0 sctp: Call inet6_destroy_sock() via sk->sk_destruct().
7da54ddc04e6 dccp: Call inet6_destroy_sock() via sk->sk_destruct().
04d393c4bbf5 inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
b1f06ab985ef tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
0e7b5e1020aa udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
05cf34a2b641 ext4: fix use-after-free in ext4_xattr_set_entry
c75711396c04 ext4: remove duplicate definition of 
ext4_xattr_ibody_inline_set()
9400206d9d5e Revert "ext4: fix use-after-free in ext4_xattr_set_entry"
81775ab858b4 fuse: fix deadlock between atomic O_TRUNC and page invalidation
03cefde986f1 fuse: always revalidate rename target dentry
42dfdbd4dcfa fuse: fix attr version comparison in fuse_read_update_size()
0078a1667cbf fuse: check s_root when destroying sb
6d0d67b05f7b virtiofs: split requests that exceed virtqueue size
cf08dc79168a virtiofs: clean up error handling in virtio_fs_get_tree()
e220438d1e33 purgatory: fix disabling debug info
37df709706ae docs: futex: Fix kernel-doc references after code split-up 
preparation
77748b0a047e MIPS: Define RUNTIME_DISCARD_EXIT in LD script
4735b6f74f25 sched/fair: Fixes for capacity inversion detection
89ad8a672f57 sched/uclamp: Fix a uninitialized variable warnings
09129798a608 sched/fair: Consider capacity inversion in util_fits_cpu()
30f04dd56dfd sched/fair: Detect capacity inversion
b18cbd359d72 sched/uclamp: Cater for uclamp in 
find_energy_efficient_cpu()'s early exit condition
41a880740c9f sched/uclamp: Make cpu_overutilized() use util_fits_cpu()
07750955e9a2 sched/uclamp: Make asym_fits_capacity() use util_fits_cpu()
2fd1c194e688 sched/uclamp: Make select_idle_capacity() use util_fits_cpu()
8ca2bf63d946 sched/uclamp: Fix fits_capacity() check in feec()
5cb1a56ced30 sched/uclamp: Make task_fits_capacity() use util_fits_cpu()
2523d9d7bb5c mm/khugepaged: check again on anon uffd-wp during isolation
651b0bf43d67 mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
c61928fcca27 kernel/sys.c: fix and improve control flow in 
__sys_setres[ug]id()
e10a6d88ae9b memstick: fix memory leak if card device is never registered
2c90ef37151f nilfs2: initialize unused bytes in segment summary blocks
09daff9c3cd7 iio: light: tsl2772: fix reading proximity-diodes from device 
tree
77ac8f2ad4ad xfs: drop submit side trans alloc for append ioends
a4e800a7bd67 powerpc/doc: Fix htmldocs errors
c215c636819c xen/netback: use same error messages for same errors
0c9cbfc951c4 nvme-tcp: fix a possible UAF when failing to allocate an io 
queue
8c746b665089 s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
a36246a7480d net: dsa: b53: mmap: add phy ops
b33f28ea45e9 scsi: core: Improve scsi_vpd_inquiry() checks
24ddcc6a635b scsi: megaraid_sas: Fix fw_crash_buffer_show()
01bd481b1b94 selftests: sigaltstack: fix -Wuninitialized
8b44a83a1680 Input: i8042 - add quirk for Fujitsu Lifebook A574/H
37882b203a2d f2fs: Fix f2fs_truncate_partial_nodes ftrace event
9a8dbfd7f3e5 e1000e: Disable TSO on i219-LM card to increase speed
b1281d008845 bpf: Fix incorrect verifier pruning due to missing register 
precision taints
b085b5787b4a mlxsw: pci: Fix possible crash during initialization
c972851d3848 net: rpl: fix rpl header size calculation
b6b06c5ee333 mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
880c09bc2f0b i40e: fix i40e_setup_misc_vector() error handling
72df55d3dc96 i40e: fix accessing vsi->active_filters without holding lock
381110d06192 netfilter: nf_tables: fix ifdef to also consider nf_tables=m
6758a51ef36a sfc: Fix use-after-free due to selftest_work
06a72bbf0d98 sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP.
b6dd232f6350 virtio_net: bugfix overflow inside xdp_linearize_page()
ddcf35deb8f2 net: sched: sch_qfq: prevent slab-out-of-bounds in 
qfq_activate_agg
8e73952957a3 regulator: fan53555: Explicitly include bits header
3224458030a2 netfilter: br_netfilter: fix recent physdev match breakage
08b78037c4f1 arm64: dts: imx8mm-evk: correct pmic clock source
2c06e904c2b7 arm64: dts: meson-g12-common: specify full DMC range
b33dbd06ac5f arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY 
node
e6

[OE-core] [kirkstone 2/5] linux-yocto/5.10: update to v5.10.177

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

387078f9030c Linux 5.10.177
34a02011c5d1 hsr: ratelimit only when errors are printed
7c414f6f06e9 gfs2: Always check inode size of inline inodes
3392d67af0a4 ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
b4781477f397 libbpf: Fix btf_dump's packed struct determination
7ad30ad8c684 selftests/bpf: Add few corner cases to test padding handling 
of btf_dump
e5a16bcb131c libbpf: Fix BTF-to-C converter's padding logic
b9f7422dd94a selftests/bpf: Test btf dump for struct with padding only 
fields
f1c17475a9dc zonefs: Fix error message in zonefs_file_dio_append()
b51e4422952b btrfs: scan device in non-exclusive mode
3eeff8d26c6d s390/uaccess: add missing earlyclobber annotations to 
__clear_user()
7051d51f1241 drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub
79815326a516 drm/etnaviv: fix reference leak when mmaping imported buffer
a484f8bec8ee rcu: Fix rcu_torture_read ftrace event
08bfd05987df xtensa: fix KASAN report for show_stack
8ada1b5c8b43 ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z
3b6992bdf09d ALSA: usb-audio: Fix regression on detection of Roland VS-100
0044721f4f95 ALSA: hda/conexant: Partial revert of a quirk for Lenovo
3d328a17c8cb NFSv4: Fix hangs when recovering open state after a server 
reboot
80a4200d51e5 powerpc: Don't try to copy PPR for task with NULL pt_regs
12c2612e18ca pinctrl: at91-pio4: fix domain name assignment
25065ed83b5f pinctrl: amd: Disable and mask interrupts on resume
fbf3fe7f7bc3 net: phy: dp83869: fix default value for tx-/rx-internal-delay
b3d7a4478ce0 xen/netback: don't do grant copy across page boundary
5f6347034341 btrfs: fix race between quota disable and quota assign ioctls
ba5deb64ddde Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report 
DMI table
26a32a212bc5 cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
63bbe24b99f9 cifs: prevent infinite recursion in CIFSGetDFSRefer()
8b3d7ad3e8f1 Input: focaltech - use explicitly signed char type
449a1a61f7f1 Input: alps - fix compatibility with -funsigned-char
988061d09972 pinctrl: ocelot: Fix alt mode for ocelot
ed3439a8c4fe net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
8104c795517c bnxt_en: Add missing 200G link speed reporting
62850a076353 bnxt_en: Fix typo in PCI id to device description string 
mapping
f524d1e55013 i40e: fix registers dump after run ethtool adapter self test
fa7fafedc9fd net: ipa: compute DMA pool size properly
96e34c88000f ALSA: ymfpci: Fix BUG_ON in probe function
688b1178c443 ALSA: ymfpci: Fix assignment in if condition
ee17dea3072d s390/vfio-ap: fix memory leak in vfio_ap device driver
ab2a55907823 can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
9b22e0cfc4d7 net: stmmac: don't reject VLANs when IFF_PROMISC is set
f032e125149d net/net_failover: fix txq exceeding warning
1025c471517b regulator: Handle deferred clk
69ed49a7b881 r8169: fix RTL8168H and RTL8107E rx crc error
3907fcb5a439 ptp_qoriq: fix memory leak in probe()
6ff4a54c0218 scsi: megaraid_sas: Fix crash after a double completion
059c3a7a3d6d sfc: ef10: don't overwrite offload features at NIC reset
4a81e2da7297 mtd: rawnand: meson: invalidate cache on polling ECC bit
47a449ec09b4 mips: bmips: BCM6358: disable RAC flush for TP1
ac63f78d9aca ca8210: Fix unsigned mac_len comparison with zero in 
ca8210_skb_tx()
8b1269b709c9 tracing: Fix wrong return in kprobe_event_gen_test.c
038765a095fd tools/power turbostat: Fix /dev/cpu_dma_latency warnings
5ec5680dc656 fbdev: au1200fb: Fix potential divide by zero
ce5551db3629 fbdev: lxfb: Fix potential divide by zero
c2be7f80562d fbdev: intelfb: Fix potential divide by zero
78eb964805f9 fbdev: nvidia: Fix potential divide by zero
1f2a94baee43 sched_getaffinity: don't assume 'cpumask_size()' is fully 
initialized
6eaa2254cc5e fbdev: tgafb: Fix potential divide by zero
baef27176ea5 ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
fcf80111a4f6 ALSA: asihpi: check pao in control_message()
b94ffa287415 net: hsr: Don't log netdev_err message on unknown prp dst node
74d6d33f3695 md: avoid signed overflow in slot_store()
10941fd5c3e1 fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
0b9493b504fc dm crypt: avoid accessing uninitialized tasklet
b2d19565478f bus: imx-weim: fix branch condition evaluates to a garbage 
value
1635a062fa0e drm/meson: fix missing component unbind on bind errors
794a6cea2268 drm/meson: Fix error handling when afbcd.ops->init fails
f7385e0886cd kcsan: avoid passing -g for test
46ae204069e7 kernel: kcsan: kcsan_test: build without structleak plugin
a5ce0a559b66 usb: dwc3: gadget: Add 1ms delay after end trans

[OE-core] [kirkstone 1/5] linux-yocto/5.10: update to v5.10.176

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

ca9787bdecfa Linux 5.10.176
e57f797e3ffa HID: uhid: Over-ride the default maximum data buffer value 
with our own
9bc878756b01 HID: core: Provide new max_buffer_size attribute to over-ride 
the default
daa97e770e78 xfs: remove xfs_setattr_time() declaration
183ca919544c fs: use consistent setgid checks in is_sxid()
0e9dbde96cac attr: use consistent sgid stripping checks
240b96ffece8 attr: add setattr_should_drop_sgid()
baea3ae425fb fs: move should_remove_suid()
24378d6f7486 attr: add in_group_or_capable()
94ac142c19f1 fs: move S_ISGID stripping into the vfs_*() helpers
347750e1b69c fs: add mode_strip_sgid() helper
f60b68c46444 xfs: use setattr_copy to set vfs inode attributes
8cf9400f8948 xfs: set prealloc flag in xfs_alloc_file_space()
308dfe49eb75 xfs: fallocate() should call file_modified()
35f049abbae3 xfs: remove XFS_PREALLOC_SYNC
c84fb2962680 xfs: don't leak btree cursor when insrec fails after a split
be60f08c03de xfs: purge dquots after inode walk fails during quotacheck
d6f223cfef32 xfs: don't assert fail on perag references on teardown
d0292124bb57 PCI/DPC: Await readiness of secondary bus after reset
337aa99f76ea PCI: Unify delay handling for reset and resume
b5e0b3d74285 s390/ipl: add missing intersection check to ipl_report handling
84e2e393bf9f io_uring: avoid null-ptr-deref in io_arm_poll_handler
5e784a7d07af drm/i915/active: Fix misuse of non-idle barriers as fence 
trackers
8f27d4321700 drm/i915: Don't use stolen memory for ring buffers with LLC
b4a798374f2d x86/mm: Fix use of uninitialized buffer in sme_enable()
764217184f9e x86/mce: Make sure logged MCEs are processed after sysfs update
15e926dfd820 cpuidle: psci: Iterate backwards over list in psci_pd_remove()
38742635eda9 fbdev: stifb: Provide valid pixelclock and add fb_check_var() 
checks
03fc29e75e44 mmc: sdhci_am654: lower power-on failed message severity
b2747b690cb9 mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the 
huge zeropage
83c3b2f4e7c6 ftrace: Fix invalid address access in lookup_rec() when index 
is 0
f9a98b8dde09 mptcp: avoid setting TCP_CLOSE state twice
684c7372bbd6 drm/shmem-helper: Remove another errant put in error path
fbc5ffcce72b ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy 
Book2 Pro
9addf5e1050a ALSA: hda: intel-dsp-config: add MTL PCI id
c54974ccaff7 KVM: nVMX: add missing consistency checks for CR0 and CR4
7b18dea697e4 cifs: Fix smb2_set_path_size()
ec663c410ce0 tracing: Make tracepoint lockdep check actually test something
8ae86ef7a058 tracing: Check field value in hist_field_name()
de3170bd41de tracing: Make splice_read available again
efae80ca13fa interconnect: fix mem leak when freeing nodes
b37d3ccbd549 firmware: xilinx: don't make a sleepable memory allocation 
from an atomic context
0c16c20b8787 serial: 8250_em: Fix UART port type
f5a5150c7066 tty: serial: fsl_lpuart: skip waiting for transmission 
complete when UARTCTRL_SBK is asserted
020166bc6669 ext4: fix possible double unlock when moving a directory
7257070be70e drm/amd/display: fix shift-out-of-bounds in 
CalculateVMAndRowBytes
ab7da8d93a6f sh: intc: Avoid spurious sizeof-pointer-div warning
6936525142a0 drm/amdkfd: Fix an illegal memory access
a98160d8f3e6 ext4: fix task hung in ext4_xattr_delete_inode
0bf15bc393a1 ext4: fail ext4_iget if special inode unallocated
8e7f26b9565a jffs2: correct logic when creating a hole in jffs2_write_begin
980d4e70c708 mmc: atmel-mci: fix race between stop command and start of 
next command
04eaeaa2f79f media: m5mols: fix off-by-one loop termination error
a4c048d502eb hwmon: (adm1266) Set `can_sleep` flag for GPIO chip
a4c3e1132422 hwmon: tmp512: drop of_match_ptr for ID table
c5bd9719b53b hwmon: (ucd90320) Add minimum delay between bus accesses
663c3afee81e hwmon: (ina3221) return prober error code
0a73c8b3cc99 hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove 
due to race condition
4a8c3ad12c9d hwmon: (adt7475) Fix masking of hysteresis registers
aff84fadba53 hwmon: (adt7475) Display smoothing attributes in correct order
d4dbd26f985c ethernet: sun: add check for the mdesc_grab()
eb80cb66a2c5 qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
1c06d1223728 selftests: net: devlink_port_split.py: skip test if no 
suitable device available
bd2e78462ae1 net/iucv: Fix size of interrupt data
2cc46ed406bb net: usb: smsc75xx: Move packet length check to prevent kernel 
panic in skb_pull
013fae04b8ff ipv4: Fix incorrect table ID in IOCTL path
1f0586dcc076 net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 
6250, 6290
cccba1ff0798 ice: xsk: disable txq irq before flushing hw
2f28cb5c2a51 block

[OE-core] [dunfell 3/5] linux-yocto/5.4: update to v5.4.241

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

58f42ed1cd31 Linux 5.4.241
879593643717 xfs: force log and push AIL to clear pinned inodes when 
aborting mount
c76dd368759a xfs: don't reuse busy extents on extent trim
4679b73a8ed4 xfs: consider shutdown in bmapbt cursor delete assert
9355fd118b4e xfs: shut down the filesystem if we screw up quota reservation
48f75df5b3bb xfs: report corruption only as a regular error
3cce34ceb2ef xfs: set inode size after creating symlink
e76bd6da5123 xfs: fix up non-directory creation in SGID directories
ad6613c98463 xfs: remove the di_version field from struct icdinode
ca4533c951e1 xfs: simplify a check in xfs_ioctl_setattr_check_cowextsize
e078b3de3e41 xfs: simplify di_flags2 inheritance in xfs_ialloc
0c553917b61a xfs: only check the superblock version for dinode size 
calculation
90aab52d062c xfs: add a new xfs_sb_version_has_v3inode helper
edd36a57b4a6 xfs: remove the kuid/kgid conversion wrappers
3ef81874f71c xfs: remove the icdinode di_uid/di_gid members
cc508a41ae48 xfs: ensure that the inode uid/gid match values match the 
icdinode ones
7a9dc7977140 xfs: merge the projid fields in struct xfs_icdinode
4f3252e7e132 xfs: show the proper user quota options
799cafa4f304 coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
440bdc49f744 watchdog: sbsa_wdog: Make sure the timeout programming is 
within the limits
70ca826d3ddb i2c: ocores: generate stop condition after timeout in polling 
mode
5fb5bdcdcd5a ubi: Fix deadlock caused by recursively holding work_sem
0b27716f2d44 mtd: ubi: wl: Fix a couple of kernel-doc issues
e55588c44255 ubi: Fix failure attaching when vid_hdr offset equals to 
(sub)page size
a652c30fa2ba asymmetric_keys: log on fatal failures in PE/pkcs7
5809dbacc431 verify_pefile: relax wrapper length check
0213f027d030 drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book 
X90F
b3052e5d468b efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
02a78e653933 i2c: imx-lpi2c: clean rx/tx buffers upon new message
1ef56397449e power: supply: cros_usbpd: reclassify "default case!" as debug
7169d1638824 net: macb: fix a memory corruption in extended buffer 
descriptor mode
c39fa0398a30 udp6: fix potential access to stale information
9c46c49ad3ff RDMA/core: Fix GID entry ref leak when create_ah fails
ad831a7079c9 sctp: fix a potential overflow in sctp_ifwdtsn_skip
afffe0d1e6b9 qlcnic: check pci_reset_function result
a841f6a0a39d niu: Fix missing unwind goto in niu_alloc_channels()
fcd084e199b9 9p/xen : Fix use after free bug in xen_9pfs_front_remove due 
to race condition
1b77cb6f5e4a mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
4c1d882b53a3 mtd: rawnand: meson: fix bitmask for length in command word
266746003439 mtdblock: tolerate corrected bit-flips
50dbfd9dacda btrfs: fix fast csum implementation detection
c6db5f2a31cd btrfs: print checksum type and implementation at mount time
8a99e6200c38 Bluetooth: Fix race condition in hidp_session_thread
c02421992505 Bluetooth: L2CAP: Fix use-after-free in 
l2cap_disconnect_{req,rsp}
9025cea8e03b ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
4d419195d6b8 ALSA: firewire-tascam: add missing unwind goto in 
snd_tscm_stream_start_duplex()
fe158eeccc38 ALSA: i2c/cs8427: fix iec958 mixer control deactivation
aa23fa32e5ff ALSA: hda/sigmatel: add pin overrides for Intel DP45SG 
motherboard
62ccf2e0b106 ALSA: emu10k1: fix capture interrupt handler unlinking
9a3ba7b24d08 Revert "pinctrl: amd: Disable and mask interrupts on resume"
2945f948aa84 irqdomain: Fix mapping-creation race
e8f3aea716d2 irqdomain: Refactor __irq_domain_alloc_irqs()
3804f265c1bf irqdomain: Look for existing mapping only once
e7bba7ddb431 mm/swap: fix swap_info_struct race between swapoff and 
get_swap_pages()
fd644712bccd ring-buffer: Fix race while reader and writer are on the same 
page
c208b4321e8f drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
c381527918b1 net_sched: prevent NULL dereference if default qdisc setup 
failed
987f599fc556 tracing: Free error logs of tracing instances
d2136f05690c can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory 
access
5a74a75fc3d3 ftrace: Mark get_lock_parent_ip() __always_inline
95bbfeb4ff0e perf/core: Fix the same task check in perf_event_set_output
666c25d35e5e ALSA: hda/realtek: Add quirk for Clevo X370SNW
83b16a60e413 nilfs2: fix sysfs interface lifetime
613bf23c070d nilfs2: fix potential UAF of struct nilfs_sc_info in 
nilfs_segctor_thread()
aa8e50688d44 tty: serial: fsl_lpuart: avoid checking for transfer complete 
when UARTCTRL_SBK is asserted in lpuart32_tx_empty
aabba4440409 tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
209ab5c234c5

[OE-core] [dunfell 4/5] linux-yocto/5.4: update to v5.4.242

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

ea7862c507ec Linux 5.4.242
d54a9f999ea7 ASN.1: Fix check for strdup() success
2500d7edebfb iio: adc: at91-sama5d2_adc: fix an error code in 
at91_adc_allocate_trigger()
760c2e6dee32 pwm: meson: Explicitly set .polarity in .get_state()
7f2b8046da83 xfs: fix forkoff miscalculation related to XFS_LITINO(mp)
c27a6bb1788f sctp: Call inet6_destroy_sock() via sk->sk_destruct().
97ce6cde1f51 dccp: Call inet6_destroy_sock() via sk->sk_destruct().
a01b75620e1a inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
9374db5bd1e3 tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
2ac4697b7779 udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
5a62248c5855 ext4: fix use-after-free in ext4_xattr_set_entry
3b0044cb28f7 ext4: remove duplicate definition of 
ext4_xattr_ibody_inline_set()
3c4fdbf368ba Revert "ext4: fix use-after-free in ext4_xattr_set_entry"
ef2aab86c34c x86/purgatory: Don't generate debug info for purgatory.ro
c22aefaef8ae MIPS: Define RUNTIME_DISCARD_EXIT in LD script
a5167e902b64 mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
1b8b54fc55a4 memstick: fix memory leak if card device is never registered
5ad61a5268de nilfs2: initialize unused bytes in segment summary blocks
988766b9d124 iio: light: tsl2772: fix reading proximity-diodes from device 
tree
5cb867f1ecb4 xen/netback: use same error messages for same errors
903f82b1a6b2 nvme-tcp: fix a possible UAF when failing to allocate an io 
queue
34b74c32ff4f s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
64cd99da25c1 net: dsa: b53: mmap: add phy ops
89dcf0dd7aae scsi: core: Improve scsi_vpd_inquiry() checks
f729b74bb489 scsi: megaraid_sas: Fix fw_crash_buffer_show()
4f4ef354f95d selftests: sigaltstack: fix -Wuninitialized
a725dddf2139 Input: i8042 - add quirk for Fujitsu Lifebook A574/H
9df3f502e33d f2fs: Fix f2fs_truncate_partial_nodes ftrace event
2f3730f182fc e1000e: Disable TSO on i219-LM card to increase speed
0f0a291cc520 bpf: Fix incorrect verifier pruning due to missing register 
precision taints
ba610df83b04 mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
d8e120057cee i40e: fix i40e_setup_misc_vector() error handling
59fba01b6c72 i40e: fix accessing vsi->active_filters without holding lock
01125379e2dc netfilter: nf_tables: fix ifdef to also consider nf_tables=m
7c1019391bd6 virtio_net: bugfix overflow inside xdp_linearize_page()
35dceaeab97c net: sched: sch_qfq: prevent slab-out-of-bounds in 
qfq_activate_agg
d61f24a45410 regulator: fan53555: Explicitly include bits header
36f098e1e4d1 netfilter: br_netfilter: fix recent physdev match breakage
375e445b1022 arm64: dts: meson-g12-common: specify full DMC range
cb1f89fe934b ARM: dts: rockchip: fix a typo error for rk3288 spdif node

Signed-off-by: Bruce Ashfield 
---
 .../linux/linux-yocto-rt_5.4.bb   |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb |  8 +++
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +--
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 5d77bc3ae3..8ad2207dd2 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to 
linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "bf0fd4b1c757c39b99fb742f7023718fca6477de"
-SRCREV_meta ?= "6f28deea807165327b46a5b2613bb220e36e3ef1"
+SRCREV_machine ?= "b2e35e842864b87c1b081e27327799f9e0d2ac97"
+SRCREV_meta ?= "12e1d8d16de51659eddf0411d67d4eae4b4ac767"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.241"
+LINUX_VERSION ?= "5.4.242"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 245e049b60..31a1ee783b 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.241"
+LINUX_VERSION ?= "5.4.242"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "8ccc251148dca81148

[OE-core] [dunfell 5/5] linux-yocto/5.4: update to v5.4.243

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

f53660ec669f Linux 5.4.243
d60f15682a5c drm/amd/display: Fix hang when skipping modeset
93ca0d7b88e8 mm/page_alloc: fix potential deadlock on zonelist_update_seq 
seqlock
3f231e30cdeb drm/exynos: move to use request_irq by IRQF_NO_AUTOEN flag
65a8b6d129cf drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
62ac943eb2a9 firmware: raspberrypi: fix possible memory leak in 
rpi_firmware_probe()
a781ea3437a0 drm/msm: Fix double pm_runtime_disable() call
e4e88f74eb2f PM: domains: Restore comment indentation for 
generic_pm_domain.child_links
ddcca7299de3 printk: declare printk_deferred_{enter,safe}() in 
include/linux/printk.h
c2c3ffc79896 PCI: pciehp: Fix AB-BA deadlock between reset_lock and 
device_lock
6a24285f64ea PCI: pciehp: Use down_read/write_nested(reset_lock) to fix 
lockdep errors
dde34ef0bc73 drbd: correctly submit flush bio on barrier
373720b9289c serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
f2a1071100fe tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
ba04d6af5ac4 ext4: fix invalid free tracking in ext4_xattr_move_to_block()
185062a21976 ext4: remove a BUG_ON in ext4_mb_release_group_pa()
d7ff83a71d77 ext4: bail out of ext4_xattr_ibody_get() fails for any reason
486efbbc9445 ext4: add bounds checking in get_max_inline_xattr_value_size()
b4fa4768c9ac ext4: fix deadlock when converting an inline directory in 
nojournal mode
2dda20290671 ext4: improve error recovery code paths in __ext4_remount()
525c802de3f9 ext4: fix data races when using cached status extents
4f4fd982d972 ext4: avoid a potential slab-out-of-bounds in 
ext4_group_desc_csum
1b90fbc75901 ext4: fix WARNING in mb_find_extent
f9e27d4bdb1f HID: wacom: insert timestamp to packed Bluetooth (BT) events
d8b609e66244 HID: wacom: Set a default resolution for older tablets
3decf3a750a9 drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled 
in suspend
625d4112ea25 drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when 
enabling legacy gfx ras
b1fabc379463 drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini()
c6bb59662432 drm/panel: otm8009a: Set backlight parent to panel device
3e7703624612 f2fs: fix potential corruption when moving a directory
dafc5a5c8fda ARM: dts: s5pv210: correct MIPI CSIS clock name
ad751b896eae ARM: dts: exynos: fix WM8960 clock name in Itop Elite
823496470790 remoteproc: st: Call of_node_put() on iteration error
a1366ecb0905 remoteproc: stm32: Call of_node_put() on iteration error
f16bc5111cc6 sh: nmi_debug: fix return value of __setup handler
c9871a47f4ce sh: init: use OF_EARLY_FLATTREE for early init
111b08116dac sh: math-emu: fix macro redefined warning
8fb33166aed8 inotify: Avoid reporting event with invalid wd
0ccea97abe6d platform/x86: touchscreen_dmi: Add info for the Dexp Ursus 
KX210i
871641c7ebe5 cifs: fix pcchunk length type in smb2_copychunk_range
3e2b4bceaaf9 btrfs: print-tree: parent bytenr must be aligned to sector size
1e05bf5e80bb btrfs: don't free qgroup space unless specified
b232f5e8cf81 btrfs: fix btrfs_prev_leaf() to not return the same key twice
96f71f669bee perf symbols: Fix return incorrect build_id size in 
elf_read_build_id()
78190a6ebe4e perf map: Delete two variable initialisations before null 
pointer checks in sort__sym_from_cmp()
ffec80cc6761 perf vendor events power9: Remove UTF-8 characters from JSON 
files
62f1ebfe9aac virtio_net: suppress cpu stall when free_unused_bufs
1dc5faf30a6c virtio_net: split free_unused_bufs()
b15637e717ad net: dsa: mt7530: fix corrupt frames using trgmii on 40 MHz 
XTAL MT7621
544b0de2d767 ALSA: caiaq: input: Add error handling for unsupported input 
methods in `snd_usb_caiaq_input_init`
35f2642f4abd drm/amdgpu: add a missing lock for AMDGPU_SCHED
5cfe3f910f7c af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
fbcfa00386e1 ionic: remove noise from ethtool rxnfc error msg
4a56f1f6fe92 rxrpc: Fix hard call timeout units
dfa36eb38020 net/sched: act_mirred: Add carrier check
cc5ccfb7c0ee writeback: fix call of incorrect macro
9c1fcb97f98f net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
e80412439030 sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
cc5fe387c629 net/sched: cls_api: remove block_cb from driver_list before 
freeing
8acd3a28873f net/ncsi: clear Tx enable mode when handling a Config required 
AEN
bc0905a76531 relayfs: fix out-of-bounds access in relay_file_read
c038ae623a7c kernel/relay.c: fix read_pos error when multiple readers
4f4de392f492 crypto: safexcel - Cleanup ring IRQ workqueues on load failure
b9878f485d70 crypto: inside-secure - irq balance
439d3a7056d5 dm verity: fix error handling for check_at_most_once on FEC
 

[OE-core] [dunfell 1/5] linux-yocto/5.4: update to v5.4.238

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

6849d8c4a61a Linux 5.4.238
eb7716a054a6 HID: uhid: Over-ride the default maximum data buffer value 
with our own
b687ac70e66a HID: core: Provide new max_buffer_size attribute to over-ride 
the default
144019e81396 PCI: Unify delay handling for reset and resume
d2130f37a4a0 s390/ipl: add missing intersection check to ipl_report handling
3f5a833dca66 serial: 8250_em: Fix UART port type
c5afb97d1b51 drm/i915: Don't use stolen memory for ring buffers with LLC
8d26a4fecce5 x86/mm: Fix use of uninitialized buffer in sme_enable()
a976ff743eb1 fbdev: stifb: Provide valid pixelclock and add fb_check_var() 
checks
ac58b88ccbbb ftrace: Fix invalid address access in lookup_rec() when index 
is 0
65e4c9a6d0c9 KVM: nVMX: add missing consistency checks for CR0 and CR4
6fe55dce9dd6 tracing: Make tracepoint lockdep check actually test something
780f69a2685b tracing: Check field value in hist_field_name()
f1e3a20c6019 interconnect: fix mem leak when freeing nodes
325608ab60fa tty: serial: fsl_lpuart: skip waiting for transmission 
complete when UARTCTRL_SBK is asserted
c16cbd8233d6 ext4: fix possible double unlock when moving a directory
6a1bd14d5e34 sh: intc: Avoid spurious sizeof-pointer-div warning
bbf5eada4334 drm/amdkfd: Fix an illegal memory access
2c96c52aeaa6 ext4: fix task hung in ext4_xattr_delete_inode
20ba6f8a8073 ext4: fail ext4_iget if special inode unallocated
ab519e29891d jffs2: correct logic when creating a hole in jffs2_write_begin
00bfc67c65a1 mmc: atmel-mci: fix race between stop command and start of 
next command
75f6faae2de6 media: m5mols: fix off-by-one loop termination error
9eb394919c97 hwmon: (ina3221) return prober error code
26c176ce9028 hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove 
due to race condition
13efd488d398 hwmon: (adt7475) Fix masking of hysteresis registers
0d3095e958f0 hwmon: (adt7475) Display smoothing attributes in correct order
674fce59d61d ethernet: sun: add check for the mdesc_grab()
71da5991b643 net/iucv: Fix size of interrupt data
e0d07a3203c3 net: usb: smsc75xx: Move packet length check to prevent kernel 
panic in skb_pull
5c06bd3de134 ipv4: Fix incorrect table ID in IOCTL path
c4fcfbf80c3c block: sunvdc: add check for mdesc_grab() returning NULL
04c394208831 nvmet: avoid potential UAF in nvmet_req_complete()
9fabdd79051a net: usb: smsc75xx: Limit packet length to skb->len
b0c202a8dc63 nfc: st-nci: Fix use after free bug in ndlc_remove due to race 
condition
668de67d4110 net: phy: smsc: bail out in lan87xx_read_status if 
genphy_read_status fails
5aaab217c8f5 net: tunnels: annotate lockless accesses to 
dev->needed_headroom
cba20ade78ef qed/qed_dev: guard against a possible division by zero
6e18f66b704b i40e: Fix kernel crash during reboot when adapter is in 
recovery mode
f0216046aeb8 ipvlan: Make skb->skb_iif track skb->dev for l3s mode
0f9c1f26d434 nfc: pn533: initialize struct pn533_out_arg properly
442aa78ed701 tcp: tcp_make_synack() can be called from process context
88c3d3bb6469 scsi: core: Fix a procfs host directory removal regression
4b4f5e34f08b scsi: core: Fix a comment in function scsi_host_dev_release()
0d59732f2a5b netfilter: nft_redir: correct value of inet type `.maxattrs`
90279211e96b ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
0b7057c52377 ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid
5bb9fcaadb8c ALSA: hda: Add Alderlake-S PCI ID and HDMI codec vid
9efbdc743ded ALSA: hda - controller is in GPU on the DG1
fc52e51c2c30 ALSA: hda - add Intel DG1 PCI and HDMI ids
090305c36185 scsi: mpt3sas: Fix NULL pointer access in 
mpt3sas_transport_port_add()
b8849e31a056 docs: Correct missing "d_" prefix for dentry_operations member 
d_weak_revalidate
9e45e4571576 clk: HI655X: select REGMAP instead of depending on it
dac08e46f0ad drm/meson: fix 1px pink line on GXM when scaling video overlay
d7e48aa17a81 cifs: Move the in_send statistic to __smb_send_rqst()
06c208002d0d drm/panfrost: Don't sync rpm suspension after mmu flushing
c9900d1d86f0 xfrm: Allow transport-mode states with AF_UNSPEC selector
4008fb9ad474 ext4: fix cgroup writeback accounting with fs-layer encryption

Signed-off-by: Bruce Ashfield 
---
 .../linux/linux-yocto-rt_5.4.bb   |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb |  8 +++
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +--
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index e0967223b9..46a1d8 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11

[OE-core] [dunfell 2/5] linux-yocto/5.4: update to v5.4.240

[Bruce Ashfield]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

32bea3bac5ca Linux 5.4.240
4d4cb7663613 gfs2: Always check inode size of inline inodes
928240c36891 firmware: arm_scmi: Fix device node validation for mailbox 
transport
0f5c0e0a4c0b net: sched: fix race condition in qdisc_graft()
22d95b544924 net_sched: add __rcu annotation to netdev->qdisc
14b6ad56df25 ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
9b189af3577e btrfs: scan device in non-exclusive mode
45a9877d6cc3 s390/uaccess: add missing earlyclobber annotations to 
__clear_user()
0c6df5364798 drm/etnaviv: fix reference leak when mmaping imported buffer
37958ac31fe2 ALSA: usb-audio: Fix regression on detection of Roland VS-100
6dabafd82968 ALSA: hda/conexant: Partial revert of a quirk for Lenovo
f3a67268784c NFSv4: Fix hangs when recovering open state after a server 
reboot
c81e2965a9e0 pinctrl: at91-pio4: fix domain name assignment
82c25ac3a258 xen/netback: don't do grant copy across page boundary
99c8ba920fc2 Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report 
DMI table
657d7c215ca9 cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
03af69bd674d cifs: prevent infinite recursion in CIFSGetDFSRefer()
51d657371106 Input: focaltech - use explicitly signed char type
f0f85f5e402b Input: alps - fix compatibility with -funsigned-char
7e71d4d190df pinctrl: ocelot: Fix alt mode for ocelot
70728d639efb net: mvneta: make tx buffer array agnostic
704e06b97920 net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
fd7cff506614 bnxt_en: Fix typo in PCI id to device description string 
mapping
58279cea0b10 i40e: fix registers dump after run ethtool adapter self test
5195de1d5f66 s390/vfio-ap: fix memory leak in vfio_ap device driver
78bc7f0ab994 can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
105cc2683282 net/net_failover: fix txq exceeding warning
e633fd26abfd regulator: Handle deferred clk
be7b622cd63f regulator: fix spelling mistake "Cant" -> "Can't"
46c4993a1514 ptp_qoriq: fix memory leak in probe()
c122daa0fa4c scsi: megaraid_sas: Fix crash after a double completion
317c07d382b1 mtd: rawnand: meson: invalidate cache on polling ECC bit
d65de5ee8b72 mips: bmips: BCM6358: disable RAC flush for TP1
9690e34f2247 dma-mapping: drop the dev argument to arch_sync_dma_for_*
f6e2d76aa362 ca8210: Fix unsigned mac_len comparison with zero in 
ca8210_skb_tx()
856fb74f601a fbdev: au1200fb: Fix potential divide by zero
deef33c08104 fbdev: lxfb: Fix potential divide by zero
4f5cc5ffa8c5 fbdev: intelfb: Fix potential divide by zero
868f247e47ef fbdev: nvidia: Fix potential divide by zero
f3359f5fc9b7 sched_getaffinity: don't assume 'cpumask_size()' is fully 
initialized
521877bf2651 fbdev: tgafb: Fix potential divide by zero
7f12f99b8017 ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
9155a5958ed0 ALSA: asihpi: check pao in control_message()
88a3c63a9635 md: avoid signed overflow in slot_store()
9966fc59d3a0 bus: imx-weim: fix branch condition evaluates to a garbage 
value
d121f7883a17 fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
4c24eb49ab44 ocfs2: fix data corruption after failed write
0c0e566f0387 tun: avoid double free in tun_free_netdev
d253120a580a sched/fair: Sanitize vruntime of entity being migrated
c23928c70bc8 sched/fair: sanitize vruntime of entity being placed
885c28ceae7d dm crypt: add cond_resched() to dmcrypt_write()
4a32a9a818a8 dm stats: check for and propagate alloc_percpu failure
f8cbad984b16 i2c: xgene-slimpro: Fix out-of-bounds bug in 
xgene_slimpro_i2c_xfer()
8f5cbf6a8c0e nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
4ae966a7f6a7 wifi: mac80211: fix qos on mesh interfaces
f558789a886c usb: chipidea: core: fix possible concurrent when switch role
6b3287b14739 usb: chipdea: core: fix return -EINVAL if request role is the 
same with current role
0b2a56fe4659 usb: cdns3: Fix issue with using incorrect PCI device function
e9e93fdfcefb dm thin: fix deadlock when swapping to thin device
cd1e320ac095 igb: revert rtnl_lock() that causes deadlock
123698a5c619 fsverity: Remove WQ_UNBOUND from fsverity read workqueue
0eda2004f38d usb: gadget: u_audio: don't let userspace block driver unbind
44f080d7d75a scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
223274d5c310 cifs: empty interface list when server doesn't support query 
interfaces
299a309b98df sh: sanitize the flags on sigreturn
f4c610f6ca13 net: usb: qmi_wwan: add Telit 0x1080 composition
e6b1fa6d0626 net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
04f4a1aa9410 scsi: lpfc: Avoid usage of list iterator variable after loop
11cdced6a03d scsi: ufs: core: Add soft dependency on go

Re: [OE-core][kirkstone][PATCH v2] openssh: Remove BSD-4-clause contents completely from codebase

[Steve Sakoman]

On Mon, May 29, 2023 at 12:16 AM Riyaz Ahmed Khan  wrote:
>
> As upstream removed this BSD-4-clause license, there are still some files
> has this license. Below file affected by this BSD-4-clause contents when
> below command is executed
> grep -rl "All advertising materials mentioning features or use of this 
> software"
> *|grep -v \.1|grep -v \.5|grep -v \.8 | sort 
> openbsd-compat/libressl-api-compat.c
>
> All advertising materials mentioning features or use of this software
>
> Openssh upstream removes the bsd-4 license compeletely from this commit
> https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0
> Hence, Remove and backport this commit completely to remove license of 
> BSD-4-clause
> contents from codebase. Hunks are refreshed, removed couple of hunks from
> configure.ac and openbsd-compat/libressl-api-compat.c as hunk code
> is not prasent.

I'm getting fuzz errors with this patch:

WARNING: openssh-8.9p1-r0 do_patch: Fuzz detected:

Applying patch 7280401bdd77ca54be6867a154cc01e0d72612e0.patch
patching file .github/workflows/c-cpp.yml
patching file INSTALL
Hunk #1 succeeded at 20 (offset -1 lines).
patching file cipher-aes.c
patching file configure.ac
Hunk #2 succeeded at 2781 with fuzz 2 (offset -64 lines).
Hunk #3 succeeded at 2804 (offset -73 lines).
Hunk #4 succeeded at 2878 (offset -72 lines).
Hunk #5 succeeded at 3006 with fuzz 2 (offset -8 lines).
patching file openbsd-compat/libressl-api-compat.c
patching file openbsd-compat/openssl-compat.h
Hunk #2 succeeded at 80 (offset 25 lines).
Hunk #3 succeeded at 94 (offset 25 lines).

Please correct and send v3

Steve
> Signed-off-by: Riyaz Khan 
> ---
>  ...401bdd77ca54be6867a154cc01e0d72612e0.patch | 986 ++
>  .../openssh/openssh_8.9p1.bb  |   1 +
>  2 files changed, 987 insertions(+)
>  create mode 100644 
> meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
>
> diff --git 
> a/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
>  
> b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
> new file mode 100644
> index 00..d9c023e6b6
> --- /dev/null
> +++ 
> b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
> @@ -0,0 +1,986 @@
> +
> +
> +From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001
> +From: Damien Miller 
> +Date: Fri, 24 Mar 2023 13:56:25 +1100
> +Subject: [PATCH] remove support for old libcrypto
> +
> +OpenSSH now requires LibreSSL 3.1.0 or greater or
> +OpenSSL 1.1.1 or greater
> +
> +with/ok dtucker@
> +
> +Upstream-Status: Backport 
> [https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0]
> +Comment: Hunk are refreshed, removed couple of hunks from configure.ac as 
> hunk code is not prasent
> +and backported to the existing code.
> +Signed-off-by: Riyaz Khan 
> +
> +---
> + .github/workflows/c-cpp.yml  |   7 -
> + INSTALL  |   8 +-
> + cipher-aes.c |   2 +-
> + configure.ac |  96 ++---
> + openbsd-compat/libressl-api-compat.c | 556 +--
> + openbsd-compat/openssl-compat.h  | 151 +---
> + 6 files changed, 40 insertions(+), 780 deletions(-)
> +
> +diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
> +index 3d9aa22dba5..d299a32468d 100644
> +--- a/.github/workflows/c-cpp.yml
>  b/.github/workflows/c-cpp.yml
> +@@ -40,18 +40,11 @@
> +   - { os: ubuntu-20.04, configs: tcmalloc }
> +   - { os: ubuntu-20.04, configs: musl }
> +   - { os: ubuntu-latest, configs: libressl-master }
> +-  - { os: ubuntu-latest, configs: libressl-2.2.9 }
> +-  - { os: ubuntu-latest, configs: libressl-2.8.3 }
> +-  - { os: ubuntu-latest, configs: libressl-3.0.2 }
> +   - { os: ubuntu-latest, configs: libressl-3.2.6 }
> +   - { os: ubuntu-latest, configs: libressl-3.3.4 }
> +   - { os: ubuntu-latest, configs: libressl-3.4.1 }
> +   - { os: ubuntu-latest, configs: openssl-master }
> +   - { os: ubuntu-latest, configs: openssl-noec }
> +-  - { os: ubuntu-latest, configs: openssl-1.0.1 }
> +-  - { os: ubuntu-latest, configs: openssl-1.0.1u }
> +-  - { os: ubuntu-latest, configs: openssl-1.0.2u }
> +-  - { os: ubuntu-latest, configs: openssl-1.1.0h }
> +   - { os: ubuntu-latest, configs: openssl-1.1.1 }
> +   - { os: ubuntu-latest, configs: openssl-1.1.1k }
> +   - { os: ubuntu-latest, configs: openssl-3.0.0 }
> +diff --git a/INSTALL b/INSTALL
> +index 68b15e13190..f99d1e2a809 100644
> +--- a/INSTALL
>  b/INSTALL
> +@@ -21,12 +21,8 @@ https://zlib.net/
> +
> + libcrypto from either of LibreSSL or OpenSSL.  Building without libcrypto
> + is supported but severely restricts the available ciphers

Re: [OE-core] [PATCH] u-boot: do_compile depends on the value of UBOOT_LOCALVERSION

[Denys Dmytriyenko]

On Mon, May 29, 2023 at 01:41:00PM +0100, Richard Purdie wrote:
> On Sun, 2023-05-28 at 17:15 +, Denys Dmytriyenko wrote:
> > UBOOT_LOCALVERSION is often used to pass SCM commit SHA to the code
> > via populating .scmversion file at the start of do_compile(). Let's
> > explicitly mark do_compile() as depending on the the value of this
> > variable to avoid errors like this:
> > 
> > $ echo 'UBOOT_LOCALVERSION = "${SRCPV}"' >> conf/local.conf
> > $ bitbake u-boot




> > Loading cache: 100%
> > Loaded 0 entries from dependency cache.
> > WARNING: /OE/poky-master/meta/recipes-bsp/u-boot/u-boot_2023.04.bb: 
> > Exception during build_dependencies for do_compile
> > WARNING: /OE/poky-master/meta/recipes-bsp/u-boot/u-boot_2023.04.bb: Error 
> > during finalise of /OE/poky-master/meta/recipes-bsp/u-boot/u-boot_2023.04.bb
> > ERROR: ExpansionError during parsing 
> > /OE/poky-master/meta/recipes-bsp/u-boot/u-boot_2023.04.bb
> > Traceback (most recent call last):
> >   File "Var ", line 1, in 
> >   File "/OE/poky-master/bitbake/lib/bb/fetch2/__init__.py", line 784, in 
> > get_srcrev(d=, 
> > method_name='sortable_revision'):
> >  if not scms:
> > >raise FetchError("SRCREV was used yet no valid SCM was found 
> > in SRC_URI")
> > 
> > bb.data_smart.ExpansionError: Failure expanding variable SRCPV, expression 
> > was ${@bb.fetch2.get_srcrev(d)} which triggered exception FetchError: 
> > Fetcher failure: SRCREV was used yet no valid SCM was found in SRC_URI
> > The variable dependency chain for the failure is: SRCPV -> 
> > UBOOT_LOCALVERSION -> do_compile
> > 
> > ERROR: Parsing halted due to errors, see error messages above
> > 
> > Signed-off-by: Denys Dmytriyenko 
> > ---
> >  meta/recipes-bsp/u-boot/u-boot.inc | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/meta/recipes-bsp/u-boot/u-boot.inc 
> > b/meta/recipes-bsp/u-boot/u-boot.inc
> > index b3482dcef3..ec8108f5c9 100644
> > --- a/meta/recipes-bsp/u-boot/u-boot.inc
> > +++ b/meta/recipes-bsp/u-boot/u-boot.inc
> > @@ -23,6 +23,7 @@ PACKAGECONFIG[openssl] = ",,openssl-native"
> >  # u-boot build system and appended to the u-boot version.  If the 
> > .scmversion
> >  # file already exists it will not be overwritten.
> >  UBOOT_LOCALVERSION ?= ""
> > +do_compile[vardepvalue] = "${UBOOT_LOCALVERSION}"
> >  
> >  require u-boot-configure.inc
> >  
> 
> How would I reproduce this?

The instructions are in the description above.


> The fix looks a bit like a workaround and I'd like to understand what
> is really going on here.

This started happening recently after your change that empties SRC_URI for 
code parser cache handling in BB_HASH_CODEPARSER_VALS, as reported here:

https://lists.openembedded.org/g/openembedded-core/message/181726

-- 
Denys

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181874): 
https://lists.openembedded.org/g/openembedded-core/message/181874
Mute This Topic: https://lists.openembedded.org/mt/99185604/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH 1/5] recipetool: create: npm: Remove duplicate function to not have future conflicts

[Steve Sakoman]

Are these same issues present in the master branch?  If so, this
series should be submitted for the master branch first, and I will
then backport to kirkstone (and mickledore).

Steve

On Fri, May 26, 2023 at 8:25 PM  wrote:
>
> From: BELOUARGA Mohamed 
>
> Npm packages do not have yocto friendly names. fore instance we can have 
> names like
> "@example/npmPackage"
>
> npm fetcher has a function that convert these names to yocto friendly names.
> But in recipe tool we have an other function (duplicate).
>
> Signed-off-by: BELOUARGA Mohamed 
> ---
>  scripts/lib/recipetool/create_npm.py | 14 +++---
>  1 file changed, 3 insertions(+), 11 deletions(-)
>
> diff --git a/scripts/lib/recipetool/create_npm.py 
> b/scripts/lib/recipetool/create_npm.py
> index 3394a89970..e667a4d19b 100644
> --- a/scripts/lib/recipetool/create_npm.py
> +++ b/scripts/lib/recipetool/create_npm.py
> @@ -13,6 +13,7 @@ import sys
>  import tempfile
>  import bb
>  from bb.fetch2.npm import NpmEnvironment
> +from bb.fetch2.npm import npm_package
>  from bb.fetch2.npmsw import foreach_dependencies
>  from recipetool.create import RecipeHandler
>  from recipetool.create import get_license_md5sums
> @@ -30,15 +31,6 @@ def tinfoil_init(instance):
>  class NpmRecipeHandler(RecipeHandler):
>  """Class to handle the npm recipe creation"""
>
> -@staticmethod
> -def _npm_name(name):
> -"""Generate a Yocto friendly npm name"""
> -name = re.sub("/", "-", name)
> -name = name.lower()
> -name = re.sub(r"[^\-a-z0-9]", "", name)
> -name = name.strip("-")
> -return name
> -
>  @staticmethod
>  def _get_registry(lines):
>  """Get the registry value from the 'npm://registry' url"""
> @@ -143,7 +135,7 @@ class NpmRecipeHandler(RecipeHandler):
>
>  # Handle the dependencies
>  def _handle_dependency(name, params, deptree):
> -suffix = "-".join([self._npm_name(dep) for dep in deptree])
> +suffix = "-".join([npm_package(dep) for dep in deptree])
>  destdirs = [os.path.join("node_modules", dep) for dep in deptree]
>  destdir = os.path.join(*destdirs)
>  packages["${PN}-" + suffix] = destdir
> @@ -173,7 +165,7 @@ class NpmRecipeHandler(RecipeHandler):
>  if "name" not in data or "version" not in data:
>  return False
>
> -extravalues["PN"] = self._npm_name(data["name"])
> +extravalues["PN"] = npm_package(data["name"])
>  extravalues["PV"] = data["version"]
>
>  if "description" in data:
> --
> 2.25.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181873): 
https://lists.openembedded.org/g/openembedded-core/message/181873
Mute This Topic: https://lists.openembedded.org/mt/99163838/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] u-boot: do_compile depends on the value of UBOOT_LOCALVERSION

[Richard Purdie]

On Sun, 2023-05-28 at 17:15 +, Denys Dmytriyenko wrote:
> UBOOT_LOCALVERSION is often used to pass SCM commit SHA to the code
> via populating .scmversion file at the start of do_compile(). Let's
> explicitly mark do_compile() as depending on the the value of this
> variable to avoid errors like this:
> 
> $ echo 'UBOOT_LOCALVERSION = "${SRCPV}"' >> conf/local.conf
> $ bitbake u-boot
> Loading cache: 100%
> Loaded 0 entries from dependency cache.
> WARNING: /OE/poky-master/meta/recipes-bsp/u-boot/u-boot_2023.04.bb: Exception 
> during build_dependencies for do_compile
> WARNING: /OE/poky-master/meta/recipes-bsp/u-boot/u-boot_2023.04.bb: Error 
> during finalise of /OE/poky-master/meta/recipes-bsp/u-boot/u-boot_2023.04.bb
> ERROR: ExpansionError during parsing 
> /OE/poky-master/meta/recipes-bsp/u-boot/u-boot_2023.04.bb
> Traceback (most recent call last):
>   File "Var ", line 1, in 
>   File "/OE/poky-master/bitbake/lib/bb/fetch2/__init__.py", line 784, in 
> get_srcrev(d=, 
> method_name='sortable_revision'):
>  if not scms:
> >raise FetchError("SRCREV was used yet no valid SCM was found in 
> SRC_URI")
> 
> bb.data_smart.ExpansionError: Failure expanding variable SRCPV, expression 
> was ${@bb.fetch2.get_srcrev(d)} which triggered exception FetchError: Fetcher 
> failure: SRCREV was used yet no valid SCM was found in SRC_URI
> The variable dependency chain for the failure is: SRCPV -> UBOOT_LOCALVERSION 
> -> do_compile
> 
> ERROR: Parsing halted due to errors, see error messages above
> 
> Signed-off-by: Denys Dmytriyenko 
> ---
>  meta/recipes-bsp/u-boot/u-boot.inc | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/meta/recipes-bsp/u-boot/u-boot.inc 
> b/meta/recipes-bsp/u-boot/u-boot.inc
> index b3482dcef3..ec8108f5c9 100644
> --- a/meta/recipes-bsp/u-boot/u-boot.inc
> +++ b/meta/recipes-bsp/u-boot/u-boot.inc
> @@ -23,6 +23,7 @@ PACKAGECONFIG[openssl] = ",,openssl-native"
>  # u-boot build system and appended to the u-boot version.  If the .scmversion
>  # file already exists it will not be overwritten.
>  UBOOT_LOCALVERSION ?= ""
> +do_compile[vardepvalue] = "${UBOOT_LOCALVERSION}"
>  
>  require u-boot-configure.inc
>  

How would I reproduce this?

The fix looks a bit like a workaround and I'd like to understand what
is really going on here.

Cheers,

Richard



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181872): 
https://lists.openembedded.org/g/openembedded-core/message/181872
Mute This Topic: https://lists.openembedded.org/mt/99185604/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] Cargo: build failure on 32-bit machine when DEBUG enabled

[Richard Purdie]

On Mon, 2023-05-29 at 15:12 +0530, Sundeep KOKKONDA wrote:
> Cargo build is failing on 32-bit machines with a 'signal: 11, SIGSEGV: 
> invalid memory reference error'.
> This is a workaround to disable the Debug builds for 32-bit machines.
> 
> Signed-off-by: Sundeep KOKKONDA 
> ---
>  meta/classes-recipe/cargo.bbclass | 5 +
>  1 file changed, 5 insertions(+)
> 
> diff --git a/meta/classes-recipe/cargo.bbclass 
> b/meta/classes-recipe/cargo.bbclass
> index 7a8cc1e751..bc5ca4fdc6 100644
> --- a/meta/classes-recipe/cargo.bbclass
> +++ b/meta/classes-recipe/cargo.bbclass
> @@ -38,6 +38,11 @@ CARGO_SRC_DIR ??= ""
>  MANIFEST_PATH ??= "${S}/${CARGO_SRC_DIR}/Cargo.toml"
>  
>  RUSTFLAGS ??= ""
> +DEBUG_BUILD:qemuarm = '0'
> +DEBUG_BUILD:qemuppc = '0'
> +DEBUG_BUILD:qemumips = '0'
> +DEBUG_BUILD:qemux86 = '0'
> +DEBUG_BUILD:virtclass-multilib-lib32 = '0'
>  BUILD_MODE = "${@['--release', ''][d.getVar('DEBUG_BUILD') == '1']}"
>  CARGO_BUILD_FLAGS = "-v --offline --target ${RUST_HOST_SYS} ${BUILD_MODE} 
> --manifest-path=${MANIFEST_PATH}"
> 

Whilst I understand the intent here, I'm not sure this is a good idea,
The reasons coming to mind are:

a) We don't set DEBUG_BUILD in OE-Core or do testing of that afaik
b) We should really be fixing cargo, not hacking around it
c) This "fixes" those machines but not any other 32 bit machine. Should
it be target-arch specific if we do want to do it?

Do we know why this is breaking?

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181871): 
https://lists.openembedded.org/g/openembedded-core/message/181871
Mute This Topic: https://lists.openembedded.org/mt/99196585/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe-core][PATCH 2/4] python3: add libxcrypt-native dependency

[Richard Purdie]

On Mon, 2023-05-29 at 14:02 +0200, Markus Volk wrote:
> Am Mo, 29. Mai 2023 um 08:08:09 +0100 schrieb Richard Purdie
> :
> > Alex is right and I should have spotted this, the -native
> > dependency
> > definitely isn't right. We'll either need to fix things or revert
> > them
> > and wait for the right fix...
> 
> 
> Absolutely. I had a quick look at native.bbclass yesterday, but
> haven't found a nice way to deal with this yet.  This week I'm on
> night shift and therefore have rather little time to deal with the
> problem. I can send v2 patches which just add
> 
> DEPENDS:append:class-native = " libxcrypt-native"
> 
> But revert would also be fine for me, as this is more of a niche
> problem

I'm going to revert those changes and then we can work out the correct
fix without any time pressures (and then I won't need to keep this on
my 'need to do something about' mental checklist!).

Cheers,

Richard



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181870): 
https://lists.openembedded.org/g/openembedded-core/message/181870
Mute This Topic: https://lists.openembedded.org/mt/99167320/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] Revert "python3/ruby/shadow: Revert add libxcrypt-native dependency"

[Richard Purdie]

This reverts commit c6198e1b1c3e3a3413b6ff9f014b40114f1850db.
This reverts commit 167c2c9f15c1bfe401c0512e420a76fa1379c012.
This reverts commit 65532fc751dc00e5568e256166f7b259d3a3c06c.

The dependencies should not be a -native in the target case. Revert
these whilst the proper patch is worked out.

Signed-off-by: Richard Purdie 
---
 meta/recipes-devtools/python/python3_3.11.2.bb | 2 +-
 meta/recipes-devtools/ruby/ruby_3.2.2.bb   | 2 +-
 meta/recipes-extended/shadow/shadow.inc| 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-devtools/python/python3_3.11.2.bb 
b/meta/recipes-devtools/python/python3_3.11.2.bb
index 1ca4ad35bea..421a305e22f 100644
--- a/meta/recipes-devtools/python/python3_3.11.2.bb
+++ b/meta/recipes-devtools/python/python3_3.11.2.bb
@@ -72,7 +72,7 @@ ALTERNATIVE_LINK_NAME[python3-config] = 
"${bindir}/python${PYTHON_MAJMIN}-config
 ALTERNATIVE_TARGET[python3-config] = 
"${bindir}/python${PYTHON_MAJMIN}-config-${MULTILIB_SUFFIX}"
 
 
-DEPENDS = "bzip2-replacement-native expat libffi bzip2 openssl sqlite3 zlib 
virtual/libintl xz virtual/crypt util-linux-libuuid libtirpc libnsl2 
autoconf-archive-native ncurses libxcrypt-native"
+DEPENDS = "bzip2-replacement-native expat libffi bzip2 openssl sqlite3 zlib 
virtual/libintl xz virtual/crypt util-linux-libuuid libtirpc libnsl2 
autoconf-archive-native ncurses"
 DEPENDS:append:class-target = " python3-native"
 DEPENDS:append:class-nativesdk = " python3-native"
 
diff --git a/meta/recipes-devtools/ruby/ruby_3.2.2.bb 
b/meta/recipes-devtools/ruby/ruby_3.2.2.bb
index d1900bfa4bc..481fe7c23d8 100644
--- a/meta/recipes-devtools/ruby/ruby_3.2.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.2.2.bb
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=5b8c87559868796979806100db3f3805 \
 file://LEGAL;md5=bcd74b47bbaf2051c5e49811a5faa97a \
 "
 
-DEPENDS = "zlib openssl libyaml gdbm readline libffi libxcrypt-native"
+DEPENDS = "zlib openssl libyaml gdbm readline libffi"
 DEPENDS:append:class-target = " ruby-native"
 DEPENDS:append:class-nativesdk = " ruby-native"
 
diff --git a/meta/recipes-extended/shadow/shadow.inc 
b/meta/recipes-extended/shadow/shadow.inc
index 7206bfdf020..cf05a3af93c 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \
 
file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 
\
 "
 
-DEPENDS = "virtual/crypt libxcrypt-native"
+DEPENDS = "virtual/crypt"
 
 GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases";
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \
-- 
2.39.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181869): 
https://lists.openembedded.org/g/openembedded-core/message/181869
Mute This Topic: https://lists.openembedded.org/mt/99198775/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH 4/4] curl: Fix CVE-2023-28322

[BINDU]

From: Bhabu Bindu 

Add patches to fix CVE-2023-28322

more POST-after-PUT confusion

When doing HTTP(S) transfers, libcurl might erroneously use the read
callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when
the `CURLOPT_POSTFIELDS` option has been set, if the same handle
previously was used to issue a `PUT` request which used that callback.

This flaw may surprise the application and cause it to misbehave and
either send off the wrong data or use memory after free or similar in
the second transfer.The problem exists in the logic for a reused
handle when it is (expected tobe) changed from a PUT to a POST.

CVE-2023-28322-1.patch is a supporting patch to resolve hunk
error in the actual patch file : CVE-2023-28322-2.patch

Link: https://curl.se/docs/CVE-2023-28322.html

Signed-off-by: Bhabu Bindu 
---
 .../curl/curl/CVE-2023-28322-1.patch  |  84 
 .../curl/curl/CVE-2023-28322-2.patch  | 436 ++
 meta/recipes-support/curl/curl_7.82.0.bb  |   2 +
 3 files changed, 522 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28322-1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28322-2.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-28322-1.patch 
b/meta/recipes-support/curl/curl/CVE-2023-28322-1.patch
new file mode 100644
index 00..547127001d
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-28322-1.patch
@@ -0,0 +1,84 @@
+From efbf02111aa66bda9288506b7d5cc0226bf5453e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Sun, 12 Feb 2023 13:24:08 +0100
+Subject: [PATCH] smb: return error on upload without size
+
+The protocol needs to know the size ahead of time, this is now a known
+restriction and not a bug.
+
+Also output a clearer error if the URL path does not contain proper
+share.
+
+Ref: #7896
+Closes #10484
+
+CVE: CVE-2023-28322
+Upstream-Status: Backport 
[https://github.com/curl/curl/commit/efbf02111aa66bda9288506b7d5cc0226bf5453e]
+Comments: Hunks refreshed
+Signed-off-by: Bhabu Bindu 
+---
+ docs/KNOWN_BUGS| 5 -
+ docs/URL-SYNTAX.md | 3 +++
+ lib/smb.c  | 6 ++
+ 3 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
+index cbf5be352a279..a515e7a59bdfd 100644
+--- a/docs/KNOWN_BUGS
 b/docs/KNOWN_BUGS
+@@ -58,7 +58,6 @@
+  5.7 Visual Studio project gaps
+  5.8 configure finding libs in wrong directory
+  5.9 Utilize Requires.private directives in libcurl.pc
+- 5.10 curl hangs on SMB upload over stdin
+  5.11 configure --with-gssapi with Heimdal is ignored on macOS
+  5.12 flaky Windows CI builds
+
+@@ -332,10 +331,6 @@ problems may have been fixed or changed somewhat since 
this was written.
+ 
+  https://github.com/curl/curl/issues/864
+ 
+-5.10 curl hangs on SMB upload over stdin
+-
+- See https://github.com/curl/curl/issues/7896
+-
+ 5.11 configure --with-gssapi with Heimdal is ignored on macOS
+ 
+  ... unless you also pass --with-gssapi-libs
+diff --git a/docs/URL-SYNTAX.md b/docs/URL-SYNTAX.md
+index 691fcceacd66c..802bbdef96979 100644
+--- a/docs/URL-SYNTAX.md
 b/docs/URL-SYNTAX.md
+@@ -360,6 +360,9 @@ share and directory or the share to upload to and as such, 
may not be omitted.
+ If the user name is embedded in the URL then it must contain the domain name
+ and as such, the backslash must be URL encoded as %2f.
+ 
++When uploading to SMB, the size of the file needs to be known ahead of time,
++meaning that you can upload a file passed to curl over a pipe like stdin.
++
+ curl supports SMB version 1 (only)
+ 
+ ## SMTP
+diff --git a/lib/smb.c b/lib/smb.c
+index 8a76763c157ce..dc0abe784bcee 100644
+--- a/lib/smb.c
 b/lib/smb.c
+@@ -763,6 +763,11 @@ static CURLcode smb_request_state(struct Curl_easy *data, 
bool *done)
+   void *msg = NULL;
+   const struct smb_nt_create_response *smb_m;
+ 
++  if(data->set.upload && (data->state.infilesize < 0)) {
++failf(data, "SMB upload needs to know the size up front");
++return CURLE_SEND_ERROR;
++  }
++
+   /* Start the request */
+   if(req->state == SMB_REQUESTING) {
+ result = smb_send_tree_connect(data);
+@@ -993,6 +998,7 @@ static CURLcode smb_parse_url_path(struct Curl_easy *data,
+   /* The share must be present */
+   if(!slash) {
+ Curl_safefree(smbc->share);
++failf(data, "missing share in URL path for SMB");
+ return CURLE_URL_MALFORMAT;
+   }
diff --git a/meta/recipes-support/curl/curl/CVE-2023-28322-2.patch 
b/meta/recipes-support/curl/curl/CVE-2023-28322-2.patch
new file mode 100644
index 00..f2134dd1c3
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-28322-2.patch
@@ -0,0 +1,436 @@
+From 7815647d6582c0a4900be2e1de6c5e61272c496b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Tue, 25 Apr 2023 08:28:01 +0200
+Subject: [PATCH] lib: unify the upload/method handling
+
+By making sure we set state.upload based on the set.method value and not
+independently as set.upload, we reduce confusion and 

[OE-core][kirkstone][PATCH 3/4] curl: Fix CVE-2023-28321

[BINDU]

From: Bhabu Bindu 

Add patch to fix CVE-2023-28321

IDN wildcard match

curl supports matching of wildcard patterns when listed as
"Subject Alternative Name" in TLS server certificates. curl can be
built to use its own name matching function for TLS rather than one
provided by a TLS library. This private wildcard matching function
would match IDN (International Domain Name)hosts incorrectly and
could as a result accept patterns that otherwise should mismatch.

IDN hostnames are converted to puny code before used for certificate
checks. Puny coded names always start with `xn--` and should not be
allowed to pattern match, but the wildcard check in curl could still
check for `x*`,which would match even though the IDN name most likely
contained nothing even resembling an `x`.

Link: https://curl.se/docs/CVE-2023-28321.html

Signed-off-by: Bhabu Bindu 
---
 .../curl/curl/CVE-2023-28321.patch| 302 ++
 meta/recipes-support/curl/curl_7.82.0.bb  |   1 +
 2 files changed, 303 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28321.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-28321.patch 
b/meta/recipes-support/curl/curl/CVE-2023-28321.patch
new file mode 100644
index 00..bcd8b112db
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-28321.patch
@@ -0,0 +1,302 @@
+From 199f2d440d8659b42670c1b796220792b01a97bf Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Mon, 24 Apr 2023 21:07:02 +0200
+Subject: [PATCH] hostcheck: fix host name wildcard checking
+
+The leftmost "label" of the host name can now only match against single
+'*'. Like the browsers have worked for a long time.
+
+- extended unit test 1397 for this
+- move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc
+
+Reported-by: Hiroki Kurosawa
+Closes #11018
+
+CVE: CVE-2023-28321
+Upstream-Status: Backport 
[https://github.com/curl/curl/commit/199f2d440d8659b42]
+Comments: Hunks removed as changes already exist
+Removed hunks from files: 
+tests/unit/Makefile.am 
+tests/unit/Makefile.inc
+Signed-off-by: Bhabu Bindu 
+---
+ lib/vtls/hostcheck.c|  50 +++
+ tests/data/test1397 |  10 ++-
+ tests/unit/Makefile.am  |  94 
+ tests/unit/Makefile.inc |  94 
+ tests/unit/unit1397.c   | 134 
+ 5 files changed, 202 insertions(+), 180 deletions(-)
+
+diff --git a/lib/vtls/hostcheck.c b/lib/vtls/hostcheck.c
+index e827dc58f378c..d061c6356f97f 100644
+--- a/lib/vtls/hostcheck.c
 b/lib/vtls/hostcheck.c
+@@ -71,7 +71,12 @@ static bool pmatch(const char *hostname, size_t hostlen,
+  * apparent distinction between a name and an IP. We need to detect the use of
+  * an IP address and not wildcard match on such names.
+  *
++ * Only match on "*" being used for the leftmost label, not "a*", "a*b" nor
++ * "*b".
++ *
+  * Return TRUE on a match. FALSE if not.
++ *
++ * @unittest: 1397
+  */
+ 
+ static bool hostmatch(const char *hostname,
+@@ -79,53 +84,42 @@ static bool hostmatch(const char *hostname,
+   const char *pattern,
+   size_t patternlen)
+ {
+-  const char *pattern_label_end, *wildcard, *hostname_label_end;
+-  size_t prefixlen, suffixlen;
++  const char *pattern_label_end;
+ 
+-  /* normalize pattern and hostname by stripping off trailing dots */
++  DEBUGASSERT(pattern);
+   DEBUGASSERT(patternlen);
++  DEBUGASSERT(hostname);
++  DEBUGASSERT(hostlen);
++
++  /* normalize pattern and hostname by stripping off trailing dots */
+   if(hostname[hostlen-1]=='.')
+ hostlen--;
+   if(pattern[patternlen-1]=='.')
+ patternlen--;
+ 
+-  wildcard = memchr(pattern, '*', patternlen);
+-  if(!wildcard)
++  if(strncmp(pattern, "*.", 2))
+ return pmatch(hostname, hostlen, pattern, patternlen);
+ 
+   /* detect IP address as hostname and fail the match if so */
+-  if(Curl_host_is_ipnum(hostname))
++  else if(Curl_host_is_ipnum(hostname))
+ return FALSE;
+ 
+   /* We require at least 2 dots in the pattern to avoid too wide wildcard
+  match. */
+   pattern_label_end = memchr(pattern, '.', patternlen);
+   if(!pattern_label_end ||
+- (memrchr(pattern, '.', patternlen) == pattern_label_end) ||
+- strncasecompare(pattern, "xn--", 4))
++ (memrchr(pattern, '.', patternlen) == pattern_label_end))
+ return pmatch(hostname, hostlen, pattern, patternlen);
+-
+-  hostname_label_end = memchr(hostname, '.', hostlen);
+-  if(!hostname_label_end)
+-return FALSE;
+   else {
+-size_t skiphost = hostname_label_end - hostname;
+-size_t skiplen = pattern_label_end - pattern;
+-if(!pmatch(hostname_label_end, hostlen - skiphost,
+-   pattern_label_end, patternlen - skiplen))
+-  return FALSE;
++const char *hostname_label_end = memchr(hostname, '.', hostlen);
++if(hostname_label_end) {
++  size_t skiphost = hostname_label_end - hostname;
++  size_t skiplen = p

[OE-core][kirkstone][PATCH 2/4] curl: Fix CVE-2023-28320

[BINDU]

From: Bhabu Bindu 

Add patch to fix CVE-2023-28320

siglongjmp race condition

libcurl provides several different backends for resolving host names,
selectedat build time. If it is built to use the synchronous resolver,
it allows nameresolves to time-out slow operations using `alarm()` and
`siglongjmp()`.

When doing this, libcurl used a global buffer that was not mutex
protected anda multi-threaded application might therefore
crash or otherwise misbehave.

Link: https://curl.se/docs/CVE-2023-28320.html

Signed-off-by: Bhabu Bindu 
---
 .../curl/curl/CVE-2023-28320.patch| 83 +++
 meta/recipes-support/curl/curl_7.82.0.bb  |  1 +
 2 files changed, 84 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28320.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-28320.patch 
b/meta/recipes-support/curl/curl/CVE-2023-28320.patch
new file mode 100644
index 00..1e0fc7534a
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-28320.patch
@@ -0,0 +1,83 @@
+From 13718030ad4b3209a7583b4f27f683cd3a6fa5f2 Mon Sep 17 00:00:00 2001
+From: Harry Sintonen 
+Date: Tue, 25 Apr 2023 09:22:26 +0200
+Subject: [PATCH] hostip: add locks around use of global buffer for alarm()
+
+When building with the sync name resolver and timeout ability we now
+require thread-safety to be present to enable it.
+
+Closes #11030
+
+CVE: CVE-2023-28320
+Upstream-Status: Backport 
[https://github.com/curl/curl/commit/13718030ad4b3209a7583b]
+Signed-off-by: Bhabu Bindu 
+---
+ lib/hostip.c | 19 +++
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/lib/hostip.c b/lib/hostip.c
+index 2381290fdd43e..e410cda69ae6e 100644
+--- a/lib/hostip.c
 b/lib/hostip.c
+@@ -70,12 +70,19 @@
+ #include 
+ #endif
+ 
+-#if defined(CURLRES_SYNCH) && \
+-defined(HAVE_ALARM) && defined(SIGALRM) && defined(HAVE_SIGSETJMP)
++#if defined(CURLRES_SYNCH) &&   \
++  defined(HAVE_ALARM) &&\
++  defined(SIGALRM) &&   \
++  defined(HAVE_SIGSETJMP) &&\
++  defined(GLOBAL_INIT_IS_THREADSAFE)
+ /* alarm-based timeouts can only be used with all the dependencies satisfied 
*/
+ #define USE_ALARM_TIMEOUT
+ #endif
+ 
++#ifdef USE_ALARM_TIMEOUT
++#include "easy_lock.h"
++#endif
++
+ #define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero 
*/
+ 
+ /*
+@@ -254,11 +261,12 @@ void Curl_hostcache_prune(struct Curl_easy *data)
+ Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
+ }
+ 
+-#ifdef HAVE_SIGSETJMP
++#ifdef USE_ALARM_TIMEOUT
+ /* Beware this is a global and unique instance. This is used to store the
+return address that we can jump back to from inside a signal handler. This
+is not thread-safe stuff. */
+ sigjmp_buf curl_jmpenv;
++curl_simple_lock curl_jmpenv_lock;
+ #endif
+ 
+ /* lookup address, returns entry if found and not stale */
+@@ -832,7 +840,6 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
+ static
+ void alarmfunc(int sig)
+ {
+-  /* this is for "-ansi -Wall -pedantic" to stop complaining!   (rabe) */
+   (void)sig;
+   siglongjmp(curl_jmpenv, 1);
+ }
+@@ -912,6 +919,8 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data,
+  This should be the last thing we do before calling Curl_resolv(),
+  as otherwise we'd have to worry about variables that get modified
+  before we invoke Curl_resolv() (and thus use "volatile"). */
++  curl_simple_lock_lock(&curl_jmpenv_lock);
++
+   if(sigsetjmp(curl_jmpenv, 1)) {
+ /* this is coming from a siglongjmp() after an alarm signal */
+ failf(data, "name lookup timed out");
+@@ -980,6 +989,8 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data,
+ #endif
+ #endif /* HAVE_SIGACTION */
+ 
++  curl_simple_lock_unlock(&curl_jmpenv_lock);
++
+   /* switch back the alarm() to either zero or to what it was before minus
+  the time we spent until now! */
+   if(prev_alarm) {
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb 
b/meta/recipes-support/curl/curl_7.82.0.bb
index e38bf14cc4..422c2bec0f 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -46,6 +46,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2023-27535_and_CVE-2023-27538.patch \
file://CVE-2023-27536.patch \
file://CVE-2023-28319.patch \
+   file://CVE-2023-28320.patch \
"
 SRC_URI[sha256sum] = 
"0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181866): 
https://lists.openembedded.org/g/openembedded-core/message/181866
Mute This Topic: https://lists.openembedded.org/mt/99197952/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH 1/4] curl: Fix CVE-2023-28319

[BINDU]

From: Bhabu Bindu 

Add patch to fix CVE-2023-28319

UAF in SSH sha256 fingerprint check

libcurl offers a feature to verify an SSH server's public key using
a SHA 256hash. When this check fails, libcurl would free the memory
for the fingerprintbefore it returns an error message containing the
(now freed) hash.

This flaw risks inserting sensitive heap-based data into the error
message that might be shown to users or otherwise get
leaked and revealed.

Link: https://curl.se/docs/CVE-2023-28319.html

Signed-off-by: Bhabu Bindu 
---
 .../curl/curl/CVE-2023-28319.patch| 33 +++
 meta/recipes-support/curl/curl_7.82.0.bb  |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28319.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-28319.patch 
b/meta/recipes-support/curl/curl/CVE-2023-28319.patch
new file mode 100644
index 00..c0bca9a56e
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-28319.patch
@@ -0,0 +1,33 @@
+From 8e21b1a05f3c0ee098dbcb6c3d84cb61f102a122 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Mon, 8 May 2023 14:33:54 +0200
+Subject: [PATCH] libssh2: free fingerprint better
+
+Reported-by: Wei Chong Tan
+Closes #11088
+
+CVE: CVE-2023-28319
+Upstream-Status: Backport 
[https://github.com/curl/curl/commit/8e21b1a05f3c0ee098dbcb6c]
+Comments: Hunks Refreshed
+Signed-off-by: Bhabu Bindu 
+---
+ lib/vssh/libssh2.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
+index bfcc94e160178..dd39a844c646b 100644
+--- a/lib/vssh/libssh2.c
 b/lib/vssh/libssh2.c
+@@ -695,11 +695,10 @@
+  */
+ if((pub_pos != b64_pos) ||
+ Curl_strncasecompare(fingerprint_b64, pubkey_sha256, pub_pos) != 1) {
+-  free(fingerprint_b64);
+-
+   failf(data,
+   "Denied establishing ssh session: mismatch sha256 fingerprint. "
+   "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256);
++  free(fingerprint_b64);
+   state(data, SSH_SESSION_FREE);
+   sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
+   return sshc->actualcode;
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb 
b/meta/recipes-support/curl/curl_7.82.0.bb
index 70ceb9f370..e38bf14cc4 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -45,6 +45,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2023-27535-pre1.patch \
file://CVE-2023-27535_and_CVE-2023-27538.patch \
file://CVE-2023-27536.patch \
+   file://CVE-2023-28319.patch \
"
 SRC_URI[sha256sum] = 
"0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181865): 
https://lists.openembedded.org/g/openembedded-core/message/181865
Mute This Topic: https://lists.openembedded.org/mt/99197951/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH v2] openssh: Remove BSD-4-clause contents completely from codebase

[Riyaz Ahmed Khan]

As upstream removed this BSD-4-clause license, there are still some files
has this license. Below file affected by this BSD-4-clause contents when
below command is executed
grep -rl "All advertising materials mentioning features or use of this software"
*|grep -v \.1|grep -v \.5|grep -v \.8 | sort 
openbsd-compat/libressl-api-compat.c

All advertising materials mentioning features or use of this software

Openssh upstream removes the bsd-4 license compeletely from this commit
https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0
Hence, Remove and backport this commit completely to remove license of 
BSD-4-clause
contents from codebase. Hunks are refreshed, removed couple of hunks from
configure.ac and openbsd-compat/libressl-api-compat.c as hunk code
is not prasent.

Signed-off-by: Riyaz Khan 
---
 ...401bdd77ca54be6867a154cc01e0d72612e0.patch | 986 ++
 .../openssh/openssh_8.9p1.bb  |   1 +
 2 files changed, 987 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch

diff --git 
a/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
 
b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
new file mode 100644
index 00..d9c023e6b6
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
@@ -0,0 +1,986 @@
+
+  
+From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001
+From: Damien Miller 
+Date: Fri, 24 Mar 2023 13:56:25 +1100
+Subject: [PATCH] remove support for old libcrypto
+
+OpenSSH now requires LibreSSL 3.1.0 or greater or
+OpenSSL 1.1.1 or greater
+
+with/ok dtucker@
+
+Upstream-Status: Backport 
[https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0]
+Comment: Hunk are refreshed, removed couple of hunks from configure.ac as hunk 
code is not prasent
+and backported to the existing code.
+Signed-off-by: Riyaz Khan 
+
+---
+ .github/workflows/c-cpp.yml  |   7 -
+ INSTALL  |   8 +-
+ cipher-aes.c |   2 +-
+ configure.ac |  96 ++---
+ openbsd-compat/libressl-api-compat.c | 556 +--
+ openbsd-compat/openssl-compat.h  | 151 +---
+ 6 files changed, 40 insertions(+), 780 deletions(-)
+
+diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
+index 3d9aa22dba5..d299a32468d 100644
+--- a/.github/workflows/c-cpp.yml
 b/.github/workflows/c-cpp.yml
+@@ -40,18 +40,11 @@
+   - { os: ubuntu-20.04, configs: tcmalloc }
+   - { os: ubuntu-20.04, configs: musl }
+   - { os: ubuntu-latest, configs: libressl-master }
+-  - { os: ubuntu-latest, configs: libressl-2.2.9 }
+-  - { os: ubuntu-latest, configs: libressl-2.8.3 }
+-  - { os: ubuntu-latest, configs: libressl-3.0.2 }
+   - { os: ubuntu-latest, configs: libressl-3.2.6 }
+   - { os: ubuntu-latest, configs: libressl-3.3.4 }
+   - { os: ubuntu-latest, configs: libressl-3.4.1 }
+   - { os: ubuntu-latest, configs: openssl-master }
+   - { os: ubuntu-latest, configs: openssl-noec }
+-  - { os: ubuntu-latest, configs: openssl-1.0.1 }
+-  - { os: ubuntu-latest, configs: openssl-1.0.1u }
+-  - { os: ubuntu-latest, configs: openssl-1.0.2u }
+-  - { os: ubuntu-latest, configs: openssl-1.1.0h }
+   - { os: ubuntu-latest, configs: openssl-1.1.1 }
+   - { os: ubuntu-latest, configs: openssl-1.1.1k }
+   - { os: ubuntu-latest, configs: openssl-3.0.0 }
+diff --git a/INSTALL b/INSTALL
+index 68b15e13190..f99d1e2a809 100644
+--- a/INSTALL
 b/INSTALL
+@@ -21,12 +21,8 @@ https://zlib.net/
+
+ libcrypto from either of LibreSSL or OpenSSL.  Building without libcrypto
+ is supported but severely restricts the available ciphers and algorithms.
+- - LibreSSL (https://www.libressl.org/)
+- - OpenSSL (https://www.openssl.org) with any of the following versions:
+-   - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
+-
+-Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
+-1.1.0g can't be used.
++ - LibreSSL (https://www.libressl.org/) 3.1.0 or greater
++ - OpenSSL (https://www.openssl.org) 1.1.1 or greater
+
+ LibreSSL/OpenSSL should be compiled as a position-independent library
+ (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
+diff --git a/cipher-aes.c b/cipher-aes.c
+index 8b101727284..87c763353d8 100644
+--- a/cipher-aes.c
 b/cipher-aes.c
+@@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, 
const u_char *iv,
+
+ static int
+ ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
+-LIBCRYPTO_EVP_INL_TYPE len)
++size_t len)
+ {
+   struct ssh_rijndael_ctx *c;
+   u_char buf[RIJNDAEL_BLOCKSIZE];
+

[OE-core][kirkstone][PATCH] openssh: Remove BSD-4-clause contents completely from codebase

[Riyaz Ahmed Khan]

As upstream removed this BSD-4-clause license, there are still some files
has this license. Below file affected by this BSD-4-clause contents when
below command is executed
grep -rl "All advertising materials mentioning features or use of this software"
*|grep -v \.1|grep -v \.5|grep -v \.8 | sort 
openbsd-compat/libressl-api-compat.c

All advertising materials mentioning features or use of this software

Openssh upstream removes the bsd-4 license compeletely from this commit
https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0
Hence, Remove and backport this commit completely to remove license of 
BSD-4-clause
contents from codebase. Hunks are refreshed, removed couple of hunks from
configure.ac and openbsd-compat/libressl-api-compat.c as hunk code
is not prasent.

Upstream-Status: Pending

Issue: MGUBSYS-7216, NODE0DEV-6619

Signed-off-by: Riyaz Khan 
---
 ...401bdd77ca54be6867a154cc01e0d72612e0.patch | 986 ++
 .../openssh/openssh_8.9p1.bb  |   1 +
 2 files changed, 987 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch

diff --git 
a/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
 
b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
new file mode 100644
index 00..d9c023e6b6
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
@@ -0,0 +1,986 @@
+
+  
+From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001
+From: Damien Miller 
+Date: Fri, 24 Mar 2023 13:56:25 +1100
+Subject: [PATCH] remove support for old libcrypto
+
+OpenSSH now requires LibreSSL 3.1.0 or greater or
+OpenSSL 1.1.1 or greater
+
+with/ok dtucker@
+
+Upstream-Status: Backport 
[https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0]
+Comment: Hunk are refreshed, removed couple of hunks from configure.ac as hunk 
code is not prasent
+and backported to the existing code.
+Signed-off-by: Riyaz Khan 
+
+---
+ .github/workflows/c-cpp.yml  |   7 -
+ INSTALL  |   8 +-
+ cipher-aes.c |   2 +-
+ configure.ac |  96 ++---
+ openbsd-compat/libressl-api-compat.c | 556 +--
+ openbsd-compat/openssl-compat.h  | 151 +---
+ 6 files changed, 40 insertions(+), 780 deletions(-)
+
+diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
+index 3d9aa22dba5..d299a32468d 100644
+--- a/.github/workflows/c-cpp.yml
 b/.github/workflows/c-cpp.yml
+@@ -40,18 +40,11 @@
+   - { os: ubuntu-20.04, configs: tcmalloc }
+   - { os: ubuntu-20.04, configs: musl }
+   - { os: ubuntu-latest, configs: libressl-master }
+-  - { os: ubuntu-latest, configs: libressl-2.2.9 }
+-  - { os: ubuntu-latest, configs: libressl-2.8.3 }
+-  - { os: ubuntu-latest, configs: libressl-3.0.2 }
+   - { os: ubuntu-latest, configs: libressl-3.2.6 }
+   - { os: ubuntu-latest, configs: libressl-3.3.4 }
+   - { os: ubuntu-latest, configs: libressl-3.4.1 }
+   - { os: ubuntu-latest, configs: openssl-master }
+   - { os: ubuntu-latest, configs: openssl-noec }
+-  - { os: ubuntu-latest, configs: openssl-1.0.1 }
+-  - { os: ubuntu-latest, configs: openssl-1.0.1u }
+-  - { os: ubuntu-latest, configs: openssl-1.0.2u }
+-  - { os: ubuntu-latest, configs: openssl-1.1.0h }
+   - { os: ubuntu-latest, configs: openssl-1.1.1 }
+   - { os: ubuntu-latest, configs: openssl-1.1.1k }
+   - { os: ubuntu-latest, configs: openssl-3.0.0 }
+diff --git a/INSTALL b/INSTALL
+index 68b15e13190..f99d1e2a809 100644
+--- a/INSTALL
 b/INSTALL
+@@ -21,12 +21,8 @@ https://zlib.net/
+
+ libcrypto from either of LibreSSL or OpenSSL.  Building without libcrypto
+ is supported but severely restricts the available ciphers and algorithms.
+- - LibreSSL (https://www.libressl.org/)
+- - OpenSSL (https://www.openssl.org) with any of the following versions:
+-   - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
+-
+-Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
+-1.1.0g can't be used.
++ - LibreSSL (https://www.libressl.org/) 3.1.0 or greater
++ - OpenSSL (https://www.openssl.org) 1.1.1 or greater
+
+ LibreSSL/OpenSSL should be compiled as a position-independent library
+ (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
+diff --git a/cipher-aes.c b/cipher-aes.c
+index 8b101727284..87c763353d8 100644
+--- a/cipher-aes.c
 b/cipher-aes.c
+@@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, 
const u_char *iv,
+
+ static int
+ ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
+-LIBCRYPTO_EVP_INL_TYPE len)
++size_t len)
+ {
+   struct 

[OE-core] [PATCH] pybootchartgui: show elapsed time for each task

[Mauro Queirós via lists . openembedded . org]

From: Mauro Queiros 

Currently, finding the elapsed time of each task in buildtimes.svg
is a manual effort of checking the top axis and finding and subtracting
the end and start time of the task.

This change adds the elapsed time for each task, so that
manual effort of comparing start/end time is avoided.

Signed-off-by: Mauro Queiros 
---
 scripts/pybootchartgui/pybootchartgui/draw.py | 5 +
 1 file changed, 5 insertions(+)

diff --git a/scripts/pybootchartgui/pybootchartgui/draw.py 
b/scripts/pybootchartgui/pybootchartgui/draw.py
index 6d445aad4f..e71fe09ea6 100644
--- a/scripts/pybootchartgui/pybootchartgui/draw.py
+++ b/scripts/pybootchartgui/pybootchartgui/draw.py
@@ -682,6 +682,11 @@ def render_processes_chart(ctx, options, trace, curr_y, w, 
h, sec_w):
 draw_rect(ctx, PROC_BORDER_COLOR, (x, y, w, proc_h))

 draw_label_in_box(ctx, PROC_TEXT_COLOR, process, x, y + proc_h - 
4, w, proc_h)
+
+# Show elapsed time for each task
+elapsed_time = f"{trace.processes[process][1] - start}s"
+draw_text(ctx, elapsed_time, PROC_TEXT_COLOR, x + w + 4, y + 
proc_h - 4)
+
 y = y + proc_h

 return curr_y
--
2.25.1

The information in this communication may contain confidential or legally 
privileged information. It is intended solely for the use of the individual or 
entity it addresses and others authorized to receive it. If you are not an 
intended recipient, you are hereby notified that any disclosure, copying, 
distribution or action in reliance on the contents of this information is 
strictly prohibited and may be unlawful. If you have received this 
communication by error, please notify us immediately by responding to this 
e-mail and then delete it from your system. Critical TechWorks is not liable 
for the proper and complete transmission of the information in this 
communication nor for any delay in its receipt

This e-mail is environmentally friendly, just like Critical TechWorks, which 
lives in a paper-free atmosphere. Therefore, please consider the environment 
before printing it!

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181862): 
https://lists.openembedded.org/g/openembedded-core/message/181862
Mute This Topic: https://lists.openembedded.org/mt/99196999/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

[Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org]

Hi Richard,

Please find below information on specific SQLite3.

NVD has CVEs reported for sqlite against two different products:
1. sqlite:sqlite
- Ref: https://nvd.nist.gov/vuln/detail/CVE-2020-13435
- This product is applicable to our sqlite3 SDK source

2.  ghost:sqlite3
- Ref: https://nvd.nist.gov/vuln/detail/CVE-2022-21227
- This product is applicable to Node.js SQLite which don't applicable 
to our SDK

Conclusion:
- To report CVEs of SQLite3 source available in SDK, require CVE_PRODUCT is 
sqlite.
- we don't require to report CVEs where CVE_PRODUCT is sqlite3.
- In Yocto SDK sqlite3 recipe should have: CVE_PRODUCT= "sqlite"

Thanks,
Sanjay
-Original Message-
From: Richard Purdie 
Sent: Monday, May 29, 2023 3:11 PM
To: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) 
; Martin Jansa 
Cc: openembedded-core@lists.openembedded.org; Marta Rybczynska 

Subject: Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

On Mon, 2023-05-29 at 08:39 +, Sanjaykumar kantibhai Chitroda -X (schitrod 
- E-INFO CHIPS INC at Cisco) wrote:
> Hi,
>  
> I have proposed second commit to revertRevert "sqlite3: update 
> CVE_PRODUCT" - Patchwork (yoctoproject.org).
>  
> Once above commit is added on master then we don’t require to add this 
> commit.
> As CVE-2022-21227 is detected due to above commit only.

My worry is that we keep going around in circles on this. Are we sure the CVE 
database won't list things that are applicable under sqlite3?

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181861): 
https://lists.openembedded.org/g/openembedded-core/message/181861
Mute This Topic: https://lists.openembedded.org/mt/99178473/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

[Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org]

Hi Richard,

Please find below information on specific SQLite3.

NVD has CVEs reported for sqlite against two different products:
1. sqlite:sqlite
- Ref: https://nvd.nist.gov/vuln/detail/CVE-2020-13435
- This product is applicable to our sqlite3 SDK source
2.  ghost:sqlite3
- Ref: https://nvd.nist.gov/vuln/detail/CVE-2022-21227
- This product is applicable to Node.js SQLite which don't applicable 
to our SDK

Conclusion:
- To report CVEs of SQLite3 source available in SDK, require CVE_PRODUCT is 
sqlite.
- we don't require to report CVEs where CVE_PRODUCT is sqlite3.
- In Yocto SDK sqlite3 recipe should have: CVE_PRODUCT= "sqlite"

Thanks,
Sanjay

-Original Message-
From: Richard Purdie  
Sent: Monday, May 29, 2023 3:11 PM
To: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) 
; Martin Jansa 
Cc: openembedded-core@lists.openembedded.org; Marta Rybczynska 

Subject: Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

On Mon, 2023-05-29 at 08:39 +, Sanjaykumar kantibhai Chitroda -X (schitrod 
- E-INFO CHIPS INC at Cisco) wrote:
> Hi,
>  
> I have proposed second commit to revertRevert "sqlite3: update 
> CVE_PRODUCT" - Patchwork (yoctoproject.org).
>  
> Once above commit is added on master then we don’t require to add this 
> commit.
> As CVE-2022-21227 is detected due to above commit only.

My worry is that we keep going around in circles on this. Are we sure the CVE 
database won't list things that are applicable under sqlite3?

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181860): 
https://lists.openembedded.org/g/openembedded-core/message/181860
Mute This Topic: https://lists.openembedded.org/mt/99178473/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] Cargo: build failure on 32-bit machine when DEBUG enabled

[Sundeep KOKKONDA]

Cargo build is failing on 32-bit machines with a 'signal: 11, SIGSEGV: invalid 
memory reference error'.
This is a workaround to disable the Debug builds for 32-bit machines.

Signed-off-by: Sundeep KOKKONDA 
---
 meta/classes-recipe/cargo.bbclass | 5 +
 1 file changed, 5 insertions(+)

diff --git a/meta/classes-recipe/cargo.bbclass 
b/meta/classes-recipe/cargo.bbclass
index 7a8cc1e751..bc5ca4fdc6 100644
--- a/meta/classes-recipe/cargo.bbclass
+++ b/meta/classes-recipe/cargo.bbclass
@@ -38,6 +38,11 @@ CARGO_SRC_DIR ??= ""
 MANIFEST_PATH ??= "${S}/${CARGO_SRC_DIR}/Cargo.toml"
 
 RUSTFLAGS ??= ""
+DEBUG_BUILD:qemuarm = '0'
+DEBUG_BUILD:qemuppc = '0'
+DEBUG_BUILD:qemumips = '0'
+DEBUG_BUILD:qemux86 = '0'
+DEBUG_BUILD:virtclass-multilib-lib32 = '0'
 BUILD_MODE = "${@['--release', ''][d.getVar('DEBUG_BUILD') == '1']}"
 CARGO_BUILD_FLAGS = "-v --offline --target ${RUST_HOST_SYS} ${BUILD_MODE} 
--manifest-path=${MANIFEST_PATH}"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181859): 
https://lists.openembedded.org/g/openembedded-core/message/181859
Mute This Topic: https://lists.openembedded.org/mt/99196585/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

[Richard Purdie]

On Mon, 2023-05-29 at 08:39 +, Sanjaykumar kantibhai Chitroda -X
(schitrod - E-INFO CHIPS INC at Cisco) wrote:
> Hi,
>  
> I have proposed second commit to revertRevert "sqlite3: update
> CVE_PRODUCT" - Patchwork (yoctoproject.org).
>  
> Once above commit is added on master then we don’t require to add
> this commit.
> As CVE-2022-21227 is detected due to above commit only.

My worry is that we keep going around in circles on this. Are we sure
the CVE database won't list things that are applicable under sqlite3?

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181858): 
https://lists.openembedded.org/g/openembedded-core/message/181858
Mute This Topic: https://lists.openembedded.org/mt/99178473/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH v2] sysstat: Fix CVE-2023-33204

[Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org]

Hi,

Updated patchset and commit format as per reference CVE guideline.

Thanks,
Sanjay

-Original Message-
From: openembedded-core@lists.openembedded.org 
 On Behalf Of Sanjaykumar kantibhai 
Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org
Sent: Monday, May 29, 2023 1:33 PM
To: openembedded-core@lists.openembedded.org; Sanjaykumar kantibhai Chitroda -X 
(schitrod - E-INFO CHIPS INC at Cisco) 
Cc: Xiangyu Chen 
Subject: [OE-core][PATCH v2] sysstat: Fix CVE-2023-33204

From: Xiangyu Chen 

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-33204
https://ubuntu.com/security/CVE-2023-33204

Upstream Patch:
https://github.com/sysstat/sysstat/commit/954ff2e2673c

Signed-off-by: Xiangyu Chen 
Signed-off-by: Sanjay Chitroda 
---
 .../sysstat/sysstat/CVE-2023-33204.patch  | 46 +++
 .../sysstat/sysstat_12.6.2.bb |  4 +-
 2 files changed, 49 insertions(+), 1 deletion(-)  create mode 100644 
meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch

diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch 
b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
new file mode 100644
index 00..a7b51f3217
--- /dev/null
+++ b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
@@ -0,0 +1,46 @@
+From 0764cb56df4a5afdf04980c9eb6735f789f5aa42 Mon Sep 17 00:00:00 2001
+From: Pavel Kopylov 
+Date: Wed, 17 May 2023 11:33:45 +0200
+Subject: [PATCH] Fix an overflow which is still possible for some values.
+
+CVE: CVE-2023-33204
+Upstream-Status: Backport 
+[https://github.com/sysstat/sysstat/commit/954ff2e2673c]
+
+Backport Changes:
+Adopt additional changes as per following merge commit of pull request:
+https://github.com/sysstat/sysstat/commit/6f8dc568e6ab
+
+Signed-off-by: Xiangyu Chen 
+Signed-off-by: Sanjay Chitroda 
+---
+ common.c | 14 --
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/common.c b/common.c
+index a3d31a5..138920c 100644
+--- a/common.c
 b/common.c
+@@ -447,15 +447,17 @@ int check_dir(char *dirname)  void 
+check_overflow(unsigned int val1, unsigned int val2,
+   unsigned int val3)
+ {
+-  if ((unsigned long long) val1 * (unsigned long long) val2 *
+-  (unsigned long long) val3 > UINT_MAX) {
++  if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
++  (((unsigned long long)UINT_MAX / (unsigned long long)val1 <
++  (unsigned long long)val2) ||
++  ((unsigned long long)UINT_MAX / ((unsigned long long)val1 *
++  (unsigned long long)val2) < (unsigned long long)val3))) {
+ #ifdef DEBUG
+-  fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+-  __FUNCTION__, (unsigned long long) val1 * (unsigned 
long long) val2 *
+-  (unsigned long long) val3);
++  fprintf(stderr, "%s: Overflow detected (%u,%u,%u). 
Aborting...\n",
++  __FUNCTION__, val1, val2, val3);
+ #endif
+   exit(4);
+-  }
++  }
+ }
+ 
+ #ifndef SOURCE_SADC
diff --git a/meta/recipes-extended/sysstat/sysstat_12.6.2.bb 
b/meta/recipes-extended/sysstat/sysstat_12.6.2.bb
index f9e5778e76..b5014eaefb 100644
--- a/meta/recipes-extended/sysstat/sysstat_12.6.2.bb
+++ b/meta/recipes-extended/sysstat/sysstat_12.6.2.bb
@@ -2,6 +2,8 @@ require sysstat.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
 
-SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch"
+SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \
+file://CVE-2023-33204.patch \
+"
 
 SRC_URI[sha256sum] = 
"3e77134aedaa6fc57d9745da67edfd8990e19adee71ac47196229261c563fb48"
--
2.35.6


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181857): 
https://lists.openembedded.org/g/openembedded-core/message/181857
Mute This Topic: https://lists.openembedded.org/mt/99195885/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

[Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org]

Hi,

I have proposed second commit to revert Revert "sqlite3: update CVE_PRODUCT" - 
Patchwork 
(yoctoproject.org).

Once above commit is added on master then we don’t require to add this commit.
As CVE-2022-21227 is detected due to above commit only.

Thanks,
Sanjay


From: openembedded-core@lists.openembedded.org 
 On Behalf Of Martin Jansa
Sent: Monday, May 29, 2023 12:52 PM
To: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) 

Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

The patch author seems a bit mangled by ML, see:
author 
schitrod=cisco@lists.openembedded.org
 
mailto:cisco@lists.openembedded.org>>
 2023-05-27 22:52:52 -0700
https://git.openembedded.org/openembedded-core/commit/?h=master-next&id=5f15caa526bb57070b9abb9ba2f488ee1bfb5372

Is it correct?

On Sun, May 28, 2023 at 7:53 AM Sanjaykumar kantibhai Chitroda -X (schitrod - 
E-INFO CHIPS INC at Cisco) via 
lists.openembedded.org 
mailto:cisco@lists.openembedded.org>>
 wrote:
This CVE is applicable to "SQLite3 bindings for Node.js" only.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-21227

Signed-off-by: Sanjay Chitroda mailto:schit...@cisco.com>>
---
 meta/recipes-support/sqlite/sqlite3_3.41.2.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git 
a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb 
b/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
index b09e8e7f55..11bc8bb4c0 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
@@ -12,3 +12,6 @@ CVE_CHECK_IGNORE += "CVE-2019-19242"
 CVE_CHECK_IGNORE += "CVE-2015-3717"
 # Issue in an experimental extension we don't have/use. Fixed by 
https://sqlite.org/src/info/b1e0c22ec981cf5f
 CVE_CHECK_IGNORE += "CVE-2021-36690"
+# As per https://nvd.nist.gov/vuln/detail/CVE-2022-21227
+# this bug is applicable to SQLite3 Node.js
+CVE_CHECK_IGNORE += "CVE-2022-21227"
--
2.35.6




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181856): 
https://lists.openembedded.org/g/openembedded-core/message/181856
Mute This Topic: https://lists.openembedded.org/mt/99178473/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH v2] sysstat: Fix CVE-2023-33204

[Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) via lists.openembedded.org]

From: Xiangyu Chen 

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-33204
https://ubuntu.com/security/CVE-2023-33204

Upstream Patch:
https://github.com/sysstat/sysstat/commit/954ff2e2673c

Signed-off-by: Xiangyu Chen 
Signed-off-by: Sanjay Chitroda 
---
 .../sysstat/sysstat/CVE-2023-33204.patch  | 46 +++
 .../sysstat/sysstat_12.6.2.bb |  4 +-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch

diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch 
b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
new file mode 100644
index 00..a7b51f3217
--- /dev/null
+++ b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
@@ -0,0 +1,46 @@
+From 0764cb56df4a5afdf04980c9eb6735f789f5aa42 Mon Sep 17 00:00:00 2001
+From: Pavel Kopylov 
+Date: Wed, 17 May 2023 11:33:45 +0200
+Subject: [PATCH] Fix an overflow which is still possible for some values.
+
+CVE: CVE-2023-33204
+Upstream-Status: Backport 
[https://github.com/sysstat/sysstat/commit/954ff2e2673c]
+
+Backport Changes:
+Adopt additional changes as per following merge commit of pull request:
+https://github.com/sysstat/sysstat/commit/6f8dc568e6ab
+
+Signed-off-by: Xiangyu Chen 
+Signed-off-by: Sanjay Chitroda 
+---
+ common.c | 14 --
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/common.c b/common.c
+index a3d31a5..138920c 100644
+--- a/common.c
 b/common.c
+@@ -447,15 +447,17 @@ int check_dir(char *dirname)
+ void check_overflow(unsigned int val1, unsigned int val2,
+   unsigned int val3)
+ {
+-  if ((unsigned long long) val1 * (unsigned long long) val2 *
+-  (unsigned long long) val3 > UINT_MAX) {
++  if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
++  (((unsigned long long)UINT_MAX / (unsigned long long)val1 <
++  (unsigned long long)val2) ||
++  ((unsigned long long)UINT_MAX / ((unsigned long long)val1 *
++  (unsigned long long)val2) < (unsigned long long)val3))) {
+ #ifdef DEBUG
+-  fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+-  __FUNCTION__, (unsigned long long) val1 * (unsigned 
long long) val2 *
+-  (unsigned long long) val3);
++  fprintf(stderr, "%s: Overflow detected (%u,%u,%u). 
Aborting...\n",
++  __FUNCTION__, val1, val2, val3);
+ #endif
+   exit(4);
+-  }
++  }
+ }
+ 
+ #ifndef SOURCE_SADC
diff --git a/meta/recipes-extended/sysstat/sysstat_12.6.2.bb 
b/meta/recipes-extended/sysstat/sysstat_12.6.2.bb
index f9e5778e76..b5014eaefb 100644
--- a/meta/recipes-extended/sysstat/sysstat_12.6.2.bb
+++ b/meta/recipes-extended/sysstat/sysstat_12.6.2.bb
@@ -2,6 +2,8 @@ require sysstat.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
 
-SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch"
+SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \
+file://CVE-2023-33204.patch \
+"
 
 SRC_URI[sha256sum] = 
"3e77134aedaa6fc57d9745da67edfd8990e19adee71ac47196229261c563fb48"
-- 
2.35.6


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181855): 
https://lists.openembedded.org/g/openembedded-core/message/181855
Mute This Topic: https://lists.openembedded.org/mt/99195885/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH v3 1/3] cve-check: add option to add additional patched CVEs

[Andrej Valek via lists.openembedded.org]

Hello again Richard,

Maybe this email was little bit unclear..., so I will try to recap it here.
There are 2 open points, where some final decision has to be made.

- Could we rename the CVE_STATUS_REASONING -> CVE_STATUS_REASON? The first idea
came from you.
- What is the final enum for CVE_STATUS? I would say "patched" and "ignored".
Afaik, the "not applicable" status came also from you. Should we keep it, or
remove it? Of course all others are just like an additions which could be
implemented later on request.

So please, take a look on it and made a final decision.

Thank you,
Andrej

On Tue, 2023-05-23 at 10:41 +0200, Valek Andrej wrote:
> Hello Richard,
> 
> Could you please take a look on the latest revision a make a decision there?
> There are still bunch of unclear statements. So please make a final design and
> we will try to implement it.
> 
> Thank you,
> Andrej
> 
> On Mon, 2023-05-22 at 10:57 +0300, Mikko Rapeli wrote:
> > Hi,
> > 
> > On Fri, May 19, 2023 at 03:11:57PM +0200, Marta Rybczynska wrote:
> > > I'm missing a status to cover the situation when the NVD (or any other
> > > database) has an incorrect entry. We have quite many of those. This might
> > > be a temporary situation, but not always.
> > > 
> > > SPDX (the 3.0 draft) has some other possible reasons
> > > https://github.com/spdx/spdx-spec/blob/vulnerability-profile/chapters/profile-vulnerabilities.md
> > > What looks like interesting ideas are:
> > > * "Can't fix" / "Will not fix"
> > > * "Not applicable" (SPDX language: Ineffective) when the code is not used
> > > * "Invalid match" (this is our NVD mismatch case)
> > > * "Mitigated" measures taken so that it cannot be exploited
> > > * "Workarounded"
> > 
> > To me the SPDX details don't seem very usable when actually maintaining
> > a linux distro for a long time. Anyone from major Linux distro
> > stable/security teams participating in the work?
> > 
> > So I'd rather compare to Debian security tracker CVE status data and ask
> > what our LTS and master branch maintainers and those in the community
> > who maintain yocto based SW stacks need. Do the maintainers want to read
> > SPDX output, for example? What common statuses do the maintainers want to
> > encode for each CVE?
> > 
> > Debian security tracker
> > https://security-team.debian.org/security_tracker.html
> > shows states:
> > 
> >  * vulnerable: binary package with specified version in their distro
> >    version is vulnerable to the issue
> > 
> >  * fixed: binary package in their distro version has fixed the issue
> > 
> >  * undetermined: it is not yet clear if the issue affects Debian and
> >    their version of the packages
> > 
> > And "vulnerable" has sub states:
> > 
> >  * ignored: the issue does not impact Debian packages
> > 
> >  * postponed: no security patch updates will be provided, e.g. such a
> >    minor issue that update will happen for example via normal package
> >    version updates to next stable version
> > 
> > There are a lot of additional "standards" and sub states when looking at
> > CVE data in the tracker (info not public, no upstream fix available, not
> > supported configuration etc), but those major high level states are enough.
> > And then there are security relevant bugs without CVEs.
> > 
> > I've been happy with "Unpatched", "Patched" and "Ignored" states for
> > each CVE detected by cve-check.bbclass. There could be a few more sub
> > stated to "Ignored" and the "Patched" state should better reflect reality,
> > which this patch set helps. But I'm happy with that.
> > 
> > I'm not so happy with the SPDX states names and meanings.
> > 
> > Cheers,
> > 
> > -Mikko
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181854): 
https://lists.openembedded.org/g/openembedded-core/message/181854
Mute This Topic: https://lists.openembedded.org/mt/99007092/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] uninative: Upgrade to 4.0 to include latest gcc 13.1.1

[Martin Jansa]

Works on gentoo with 13.1.1_p20230520 which was failing before and seems to
work with 13.1.1_p20230527 as well (I did only a few builds since upgrade
this morning).

Thanks

Tested-By: Martin Jansa 

On Mon, May 29, 2023 at 1:04 AM Michael Halstead <
mhalst...@linuxfoundation.org> wrote:

> Signed-off-by: Michael Halstead 
> ---
>  meta/conf/distro/include/yocto-uninative.inc | 8 
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/meta/conf/distro/include/yocto-uninative.inc
> b/meta/conf/distro/include/yocto-uninative.inc
> index f3c05b7e20..ad4816a1f3 100644
> --- a/meta/conf/distro/include/yocto-uninative.inc
> +++ b/meta/conf/distro/include/yocto-uninative.inc
> @@ -7,9 +7,9 @@
>  #
>
>  UNINATIVE_MAXGLIBCVERSION = "2.37"
> -UNINATIVE_VERSION = "3.10"
> +UNINATIVE_VERSION = "4.0"
>
>  UNINATIVE_URL ?= "
> http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/
> "
> -UNINATIVE_CHECKSUM[aarch64] ?=
> "b11f7dff0ff5e3c971f22e89a105efb0f8d2006fd71d1ea3e5da771e416b0e01"
> -UNINATIVE_CHECKSUM[i686] ?=
> "ad7daa7fca7693ca07eea5279f830333530171d357759b380954a25254edd8dd"
> -UNINATIVE_CHECKSUM[x86_64] ?=
> "ce8ff7e3247da312fbf84008f415bc1b4d113ac9fe4ec91581e4a20cd8b475d3"
> +UNINATIVE_CHECKSUM[aarch64] ?=
> "7baa8418a302df52e00916193b0a04f318356d9d2670c9a2bce3e966efefd738"
> +UNINATIVE_CHECKSUM[i686] ?=
> "83114d36883d43a521e280742b9849bf85d039b2f83d8e21d480659babe75ee8"
> +UNINATIVE_CHECKSUM[x86_64] ?=
> "fd75b2a1a67a10f6b7d65afb7d0f3e71a63b0038e428f34dfe420bb37716558a"
> --
> 2.34.1
>
>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181853): 
https://lists.openembedded.org/g/openembedded-core/message/181853
Mute This Topic: https://lists.openembedded.org/mt/99190723/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] sqlite3: Whitelist CVE-2022-21227

[Martin Jansa]

The patch author seems a bit mangled by ML, see:
author schitrod=cisco@lists.openembedded.org  2023-05-27 22:52:52 -0700
https://git.openembedded.org/openembedded-core/commit/?h=master-next&id=5f15caa526bb57070b9abb9ba2f488ee1bfb5372

Is it correct?

On Sun, May 28, 2023 at 7:53 AM Sanjaykumar kantibhai Chitroda -X (schitrod
- E-INFO CHIPS INC at Cisco) via lists.openembedded.org  wrote:

> This CVE is applicable to "SQLite3 bindings for Node.js" only.
>
> References:
> https://nvd.nist.gov/vuln/detail/CVE-2022-21227
>
> Signed-off-by: Sanjay Chitroda 
> ---
>  meta/recipes-support/sqlite/sqlite3_3.41.2.bb | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
> b/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
> index b09e8e7f55..11bc8bb4c0 100644
> --- a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
> +++ b/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
> @@ -12,3 +12,6 @@ CVE_CHECK_IGNORE += "CVE-2019-19242"
>  CVE_CHECK_IGNORE += "CVE-2015-3717"
>  # Issue in an experimental extension we don't have/use. Fixed by
> https://sqlite.org/src/info/b1e0c22ec981cf5f
>  CVE_CHECK_IGNORE += "CVE-2021-36690"
> +# As per https://nvd.nist.gov/vuln/detail/CVE-2022-21227
> +# this bug is applicable to SQLite3 Node.js
> +CVE_CHECK_IGNORE += "CVE-2022-21227"
> --
> 2.35.6
>
>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181852): 
https://lists.openembedded.org/g/openembedded-core/message/181852
Mute This Topic: https://lists.openembedded.org/mt/99178473/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe-core][PATCH 2/4] python3: add libxcrypt-native dependency

[Richard Purdie]

On Sun, 2023-05-28 at 17:16 +0200, Alexander Kanavin wrote:
> Adding libxcrypt-native to DEPENDS definitely isn't correct, so you
> could check why virtual/crypt dependency isn't working properly for
> adding the needed headers into native variant's sysroot. If all fails,
> adjust DEPENDS:append:class-native.

Alex is right and I should have spotted this, the -native dependency
definitely isn't right. We'll either need to fix things or revert them
and wait for the right fix...

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#181851): 
https://lists.openembedded.org/g/openembedded-core/message/181851
Mute This Topic: https://lists.openembedded.org/mt/99167320/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-