[yocto-security] [OE-core CVE] branch warrior updated. 2019-04-242-g14f04e6

cve-notice at lists.openembedded.org
Wed Oct 30 06:48:18 PDT 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, warrior has been updated
       via  14f04e6b6c1fa40a1c39cd186627b4b8442f2d5e (commit)
       via  5fc9b154754e67553296a00a39ed16ab6a1d59de (commit)
       via  650dd9486d6e5410665d5376be30732c7625396d (commit)
       via  a981d9b753a13e100af1f654fb3384f0bcda0b65 (commit)
       via  041fb2743a94d7fb065b073efbe5fe5cf46cde53 (commit)
       via  23d48f2bea2d358bd8d7d4efd07792bc1f3666bd (commit)
       via  49ff6c7ef1d366007c49083f4e5faaf5a9eb086f (commit)
       via  f83ecbabb911c46de77708ede759a0b768928ea2 (commit)
       via  e73d5bb4a21497ed645e2a0a4b88c2eeaf65080a (commit)
       via  fe2d5b0d56201110323911d206243fdcc7f80115 (commit)
       via  132fb930109f4930acfc8524bcc40faa3ba6d3d9 (commit)
       via  2b7444e41e47e462a8aae0e3e1e95b04cdbaff22 (commit)
       via  f5ae4010dd29484627a169b8ab02b1012d1dd1d4 (commit)
       via  a45a6e12d6ce3a531ad924d3e548de8a95055866 (commit)
       via  61eed761a51fcb5ac293b76b4dc6edbd6dbbb32f (commit)
       via  6c2c6bed0bd5f0a303b9aacfab7db6daec3ee878 (commit)
       via  47196abf511d96d9d6c6b561430dc1827484c742 (commit)
       via  c5d2ca323a255f09c7b3378af5956671205867f4 (commit)
       via  6ab0206b8252755367f2357f49007dd78336fec0 (commit)
      from  b6e17afc06d7a44dc9774ee98de7f186580ddf0d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 14f04e6b6c1fa40a1c39cd186627b4b8442f2d5e
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Tue Oct 29 10:47:32 2019 +0100

    qemu: update to 3.1.1.1
    
    bug fix only update.
    
    Drop patches included in update.
    
    For full set of changes, see: https://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/tags/v3.1.1.1
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 5fc9b154754e67553296a00a39ed16ab6a1d59de
Author: Chen Qi <Qi.Chen at windriver.com>
Date:   Tue Oct 29 10:47:31 2019 +0100

    go: fix CVE-2019-16276
    
    Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    (cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    (cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 650dd9486d6e5410665d5376be30732c7625396d
Author: Changqing Li <changqing.li at windriver.com>
Date:   Tue Oct 29 10:47:30 2019 +0100

    sudo: fix CVE-2019-14287
    
    In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer
    account can bypass certain policy blacklists and session PAM modules,
    and can cause incorrect logging, by invoking sudo with a crafted user
    ID. For example, this allows bypass of !root configuration, and USER=
    logging, for a "sudo -u \#$((0xffffffff))" command.
    
    Signed-off-by: Changqing Li <changqing.li at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    (cherry picked from commit 4e11cd561f2bdaa6807cf02ee7c9870881826308)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    (cherry picked from commit b1e0149c41e3c344a0496e64ab3b0c9dd4685ea4)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
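
A defensive check for the issue described in the sudo commit above, as an added example that is not part of the original email or of the OE-core patch: it flags sudoers rules that pair Runas ALL with a negated entry such as !root, and sudo log lines whose USER= field carries a numeric ID equal to 0xffffffff. The sudoers rules, the log lines and the "USER=#<id>" log layout are constructed assumptions.

```python
import re

# A sudoers user spec: "who host = (runas list) commands". Only the Runas
# list matters for this audit.
USER_SPEC_RE = re.compile(r"^\s*(?P<who>\S+)\s+\S+\s*=\s*\((?P<runas>[^)]*)\)")
# Numeric target user as requested with "sudo -u '#<id>'", as it is assumed
# to appear in the USER= field of a sudo log line.
USER_FIELD_RE = re.compile(r"\bUSER=#(?P<id>-?\d+)")

# Constructed sudoers content.
SAMPLE_SUDOERS = [
    "# constructed sudoers sample",
    "Defaults env_reset",
    "alice  ALL = (ALL, !root) /usr/bin/vi",
    "bob    ALL = (www-data) /usr/bin/systemctl restart nginx",
    "carol  ALL = (ALL) ALL",
    "%ops   ALL = (ALL, !root, !backup : ALL) NOPASSWD: /usr/bin/less",
]

# Constructed log lines in the usual "KEY=value ; KEY=value" sudo layout.
SAMPLE_LOG = [
    "Oct 30 06:01:02 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=#-1 ; COMMAND=/usr/bin/vi /etc/hosts",
    "Oct 30 06:02:10 host sudo: bob : TTY=pts/1 ; PWD=/srv ; USER=www-data ; COMMAND=/usr/bin/systemctl restart nginx",
    "Oct 30 06:03:44 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=#4294967295 ; COMMAND=/usr/bin/vi /etc/hosts",
    "Oct 30 06:04:00 host sudo: carol : TTY=pts/2 ; PWD=/ ; USER=#1000 ; COMMAND=/usr/bin/id",
]


def audit_sudoers(lines):
    """Return (who, negated_entries) for specs that pair Runas ALL with a blacklist."""
    findings = []
    for line in lines:
        if line.lstrip().startswith("#"):
            continue  # a leading '#' is treated as a comment here
        m = USER_SPEC_RE.match(line)
        if not m:
            continue
        # "(users : groups)": only the user half is relevant.
        users = m.group("runas").split(":", 1)[0]
        entries = [e.strip() for e in users.split(",") if e.strip()]
        negated = [e for e in entries if e.startswith("!")]
        # Without ALL there is nothing to bypass; without a negation the
        # rule already permits every target user.
        if "ALL" in entries and negated:
            findings.append((m.group("who"), negated))
    return findings


def is_wraparound_id(text):
    """True if the ID equals 0xffffffff once reduced to 32 bits (-1, 4294967295)."""
    return int(text) % 2**32 == 0xFFFFFFFF


def suspicious_log_lines(lines):
    """Return log lines that request a numeric target user equal to 0xffffffff."""
    hits = []
    for line in lines:
        m = USER_FIELD_RE.search(line)
        if m and is_wraparound_id(m.group("id")):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for who, negated in audit_sudoers(SAMPLE_SUDOERS):
        print("review rule for %s: Runas ALL with %s" % (who, ", ".join(negated)))
    for line in suspicious_log_lines(SAMPLE_LOG):
        print("suspicious:", line)
```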

commit a981d9b753a13e100af1f654fb3384f0bcda0b65
Author: Yi Zhao <yi.zhao at windriver.com>
Date:   Tue Oct 29 10:47:29 2019 +0100

    libgcrypt: fix CVE-2019-12904
    
    In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a
    flush-and-reload side-channel attack because physical addresses are
    available to other processes. (The C implementation is used on platforms
    where an assembly-language implementation is unavailable.)
    
    Reference:
    https://nvd.nist.gov/vuln/detail/CVE-2019-12904
    
    Patches from:
    https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705
    https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
    https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
    
    Signed-off-by: Yi Zhao <yi.zhao at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    (cherry picked from commit 37e390ff05b6a4509019db358ed496731d80cc51)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    (cherry picked from commit 4c207cb1ad46c0d2005ab3eae70d78c937e084b5)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 041fb2743a94d7fb065b073efbe5fe5cf46cde53
Author: George McCollister <george.mccollister at gmail.com>
Date:   Tue Oct 29 10:47:28 2019 +0100

    openssl: make OPENSSL_ENGINES match install path
    
    Set OPENSSL_ENGINES to the path where engines are actually installed.
    
    Signed-off-by: George McCollister <george.mccollister at gmail.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    (cherry picked from commit 59565fec0b3f3e24eb01c03b671913599cd3134d)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    (cherry picked from commit 578f41124565a7cda738c7fe3d25702ee41b08ed)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 23d48f2bea2d358bd8d7d4efd07792bc1f3666bd
Author: Changqing Li <changqing.li at windriver.com>
Date:   Tue Oct 29 10:47:27 2019 +0100

    python: Fix CVE-2019-10160
    
    Signed-off-by: Changqing Li <changqing.li at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    (cherry picked from commit b4240b585d7fcac2fdbf33a8e72d48cb732eb696)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    (cherry picked from commit 10d87a3085665a959a5fda64ae3895cb27ddf343)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 49ff6c7ef1d366007c49083f4e5faaf5a9eb086f
Author: Chen Qi <Qi.Chen at windriver.com>
Date:   Tue Oct 29 10:47:26 2019 +0100

    python: CVE-2019-16056
    
    Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    (cherry picked from commit 27be9cf71a6fe906a23e81b56f1cc18a6fc9ef97)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit f83ecbabb911c46de77708ede759a0b768928ea2
Author: Yi Zhao <yi.zhao at windriver.com>
Date:   Tue Oct 29 10:47:25 2019 +0100

    python: add tk-lib as runtime dependency for python-tkinter
    
    Fixes:
    ERROR: python-2.7.16-r0 do_package_qa: QA Issue:
    /usr/lib/python2.7/lib-dynload/_tkinter.so contained in package
    python-tkinter requires libtk8.6.so, but no providers found in
    RDEPENDS_python-tkinter? [file-rdeps]
    
    Signed-off-by: Yi Zhao <yi.zhao at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    (cherry picked from commit f78248a2380bbbbf271b5bb02c762f5bc7a3a92e)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit e73d5bb4a21497ed645e2a0a4b88c2eeaf65080a
Author: Anuj Mittal <anuj.mittal at intel.com>
Date:   Tue Oct 29 10:47:24 2019 +0100

    python: include CVE patches for python-native as well
    
    Also avoids maintaining a different set of patches for both.
    
    Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    (cherry picked from commit b3b1c00cc46b33ddbf7e008267032220e1e298af)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit fe2d5b0d56201110323911d206243fdcc7f80115
Author: Muminul Islam <misla011 at fiu.edu>
Date:   Tue Oct 29 10:47:23 2019 +0100

    libcroco: Fix two CVEs
    
    CVE: CVE-2017-8834 CVE-2017-8871
    
    Signed-off-by: Muminul Islam <muislam at microsoft.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 132fb930109f4930acfc8524bcc40faa3ba6d3d9
Author: Alexander Kanavin <alex.kanavin at gmail.com>
Date:   Tue Oct 29 10:47:22 2019 +0100

    linux-yocto: add drm-bochs support
    
    This allows better modesetting support for the '-vga std'
    emulated hardware provided by Qemu, which we want to
    standardize on.
    
    See here for background:
    https://bugzilla.yoctoproject.org/show_bug.cgi?id=13466
    
    (From OE-Core rev: 569d3f5d0454ed31f2f6df29f1703246a3dcd715)
    
    Signed-off-by: Alexander Kanavin <alex.kanavin at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 2b7444e41e47e462a8aae0e3e1e95b04cdbaff22
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date:   Tue Oct 29 10:47:21 2019 +0100

    linux-yocto/4.19: make drm-bochs feature available
    
    The other active kernel versions have this feature available. To
    consistently enable the same video output for qemu, we can cherry
    pick the feature to 4.19.
    
    (From OE-Core rev: a777e0f34e106455f963bd58fd8728a16c588c4d)
    
    Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit f5ae4010dd29484627a169b8ab02b1012d1dd1d4
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date:   Tue Oct 29 10:47:20 2019 +0100

    kernel-yocto: import security fragments from meta-security
    
    Adding the following fragments from meta-security to make them
    centrally available and easier to maintain:
    
       283939d5c9e kernel-cache: add yama security fragments
       0b86f3fa241 kernel-cache: add ima fragments
       731b466654d kernel-cache: add smack
       813afe8ff47 kernel-cache: add apparmor fragments
    
    (From OE-Core rev: 3063d64984e993d3e7dc2f4c80fb74005f5d6d7e)
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit a45a6e12d6ce3a531ad924d3e548de8a95055866
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date:   Tue Oct 29 10:47:19 2019 +0100

    linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths
    
    From the kernel patch:
    
    [
        It was observed that the kernel embeds the path in the x86 boot
        artifacts.
    
        From https://bugzilla.yoctoproject.org/show_bug.cgi?id=13458:
    
        [
           If you turn on the buildpaths QA test, or try a reproducible build, you
           discover that the kernel image contains build paths.
    
           $ strings bzImage-5.0.19-yocto-standard |grep tmp/
           out of pgt_buf in
           /data/poky-tmp/reproducible/tmp/work-shared/qemux86-64/kernel-source/arch/x86/boot/compressed/kaslr_64.c!?
    
           But what's this in the top-level Makefile:
    
           $ git grep prefix-map
           Makefile:KBUILD_CFLAGS  += $(call
           cc-option,-fmacro-prefix-map=$(srctree)/=)
    
           So the __FILE__ shouldn't be using the full path.  However
           arch/x86/boot/compressed/Makefile has this:
    
           KBUILD_CFLAGS := -m$(BITS) -O2
    
           So that clears KBUILD_FLAGS, removing the -fmacro-prefix-map option.
        ]
    
        Other architectures do not clear the flags, but instead prune before
        adding boot or specific options. There's no obvious reason why x86 isn't
        doing the same thing (pruning vs clearing) and no build or boot issues
        have been observed.
    
        So we make x86 do the same thing, and we no longer have embedded paths.
    ]
    
    This issue has been reported upstream, and a patch submission is
    pending, but for now, we'll soak the proposed patch in linux-yocto to
    see if any issues are found.
    
    [YOCTO: #13458]
    
    (From OE-Core rev: 78b0ff5960814af935a8089ec49c51d76f148149)
    
    Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
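
The two checks discussed in the commit message above, as an added example that is not part of the original email or of the kernel patch: one finds sub-Makefiles that clear KBUILD_CFLAGS instead of pruning it (and so drop -fmacro-prefix-map), the other mimics `strings | grep` for a build root inside an image. The Makefile set (beyond the two lines quoted in the message), the arch/example path and the byte blobs are constructed.

```python
import re

VAR = "KBUILD_CFLAGS"
# Simple or recursive assignment of VAR; "+=" and "?=" do not match.
ASSIGN_RE = re.compile(r"^\s*(?:override\s+)?" + VAR + r"\s*(?::=|=)(?P<rhs>.*)$")
# An assignment that reuses the old value is pruning, not clearing.
SELF_REFS = ("$(" + VAR + ")", "${" + VAR + "}")
# Runs of at least four printable ASCII bytes, as strings(1) reports them.
PRINTABLE_RE = re.compile(rb"[\x20-\x7e]{4,}")

# Constructed Makefile contents; arch/example is a hypothetical path that
# shows the pruning form used by other architectures.
SAMPLE_MAKEFILES = {
    "Makefile":
        "KBUILD_CFLAGS  += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)\n",
    "arch/x86/boot/compressed/Makefile":
        "KBUILD_CFLAGS := -m$(BITS) -O2\n"
        "KBUILD_CFLAGS += -fno-strict-aliasing\n",
    "arch/example/boot/Makefile":
        "KBUILD_CFLAGS := $(filter-out -pg,$(KBUILD_CFLAGS))\n",
}

BUILD_ROOT = "/data/poky-tmp/"
# Constructed stand-ins for the boot image before and after the fix.
IMAGE_BEFORE = (
    b"\x00\x01\x02out of pgt_buf in /data/poky-tmp/reproducible/tmp/"
    b"work-shared/qemux86-64/kernel-source/arch/x86/boot/compressed/"
    b"kaslr_64.c!?\x00\xff"
)
IMAGE_AFTER = b"\x00\x01\x02out of pgt_buf in arch/x86/boot/compressed/kaslr_64.c!?\x00\xff"


def flag_resets(makefiles):
    """Return (path, line_no, text) where VAR is overwritten without reusing its old value."""
    hits = []
    for path, text in makefiles.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            m = ASSIGN_RE.match(line)
            if m and not any(ref in m.group("rhs") for ref in SELF_REFS):
                hits.append((path, line_no, line.strip()))
    return hits


def embedded_paths(blob, build_root):
    """Return printable strings in blob that contain the build root."""
    root = build_root.encode()
    return [s.decode("ascii") for s in PRINTABLE_RE.findall(blob) if root in s]


if __name__ == "__main__":
    for path, line_no, text in flag_resets(SAMPLE_MAKEFILES):
        print("%s:%d clears %s: %s" % (path, line_no, VAR, text))
    for label, blob in (("before", IMAGE_BEFORE), ("after", IMAGE_AFTER)):
        print(label, embedded_paths(blob, BUILD_ROOT))
```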

commit 61eed761a51fcb5ac293b76b4dc6edbd6dbbb32f
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date:   Tue Oct 29 10:47:18 2019 +0100

    linux-yocto: bsp/beaglebone: support qemu -machine virt
    
    While we don't normally do a dual h/w and virt BSP (since they
    tend to have conflicting requirements over time), a minimal overhead
    option to do this was submitted to linux-yocto. Since it has no
    impact on the h/w reference, has SDK testing value and can serve
    as a template on how to do this for other arm boards, it is worth
    making the configuration available.
    
    The original commit log follows:
    
    [
    
       If the kernel supports Qemu's virt machine, runqemu works almost for free.
       The device tree for machine virt is included in Qemu, which simplifies
       everything quite a bit.
       This change adds ARCH_VIRT=y and some drivers to the beaglebone kernel
       configuration which allows to:
    
         export MACHINE="beaglebone-yocto"
         bitbake core-image-minimal
         runqemu
    
       This also works out of an eSDK. Without this feature usually two
       different SDKs need to be compiled and maintained. One SDK is used for development
       in Qemu, another one is used to develop for the real target hardware.
    
       Signed-off-by: Adrian Freihofer <adrian.freihofer at siemens.com>
    ]
    
    (From OE-Core rev: cc1fca6d464775daa15032f11c02d16b99759407)
    
    Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 6c2c6bed0bd5f0a303b9aacfab7db6daec3ee878
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date:   Tue Oct 29 10:47:17 2019 +0100

    linux-yocto/5.0: make scsi-debug include scsi core configs
    
    Updating the scsi-debug fragment to include the core scsi config
    options. This allows standalone use of the fragment, since all
    supporting options will be enabled simply by including the top
    level config in a BSP.
    
    This also removes a configuration warning on qemuarm, since we
    will no longer have missing / unavailable options during the
    config audit.
    
    (From OE-Core rev: c65826e96a77928938fef69fc0cbc65ec7431cb2)
    
    Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 47196abf511d96d9d6c6b561430dc1827484c742
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date:   Tue Oct 29 10:47:16 2019 +0100

    linux-yocto/5.0: bsp: add basic xilinx zynqmp support
    
    Zumeng Chen has added core/basic support for the zynqmp that is bootable
    using the 5.0 and 5.2-rcX kernels. This makes the fragments available
    for future refinement and factoring. A bootlog follows:
    
        ZynqMP> setenv bootargs console=ttyPS0,115200 root=/dev/mmcblk0p3 rw
        rootwait earlycon=cdns,mmio,0xFF000000 clk_ignore_unused ip=dhcp
        ZynqMP> tftpboot 0x10000000 Image; tftpboot 0x11800000 dtb; booti
        0x10000000 - 0x11800000
        Using ethernet@ff0e0000 device
    
        Filename 'Image'.
        Load address: 0x10000000
        Loading:
    	      ###########
    	      11.3 MiB/s
        done
        Bytes transferred = 16378368 (f9ea00 hex)
        Using ethernet@ff0e0000 device
        TFTP from server 128.224.162.211; our IP address is 128.224.162.99
        Filename 'dtb'.
        Load address: 0x11800000
        Loading: ##
    	      4.7 MiB/s
        done
        Bytes transferred = 19746 (4d22 hex)
    	Booting using the fdt blob at 0x11800000
    	Loading Device Tree to 0000000007ff8000, end 0000000007fffd21 ... OK
    
        Starting kernel ...
    
        Booting Linux on physical CPU 0x0000000000 [0x410fd034]
        Linux version 5.2.0-rc3-yoctodev-standard (oe-user@oe-host) (gcc version
        9.1.0 (GCC)) #1 SMP PREEMPT Thu Jun 6 00:53:26 UTC 2019
        Machine model: ZynqMP ZCU102 Rev1.0
        earlycon: cdns0 at MMIO 0x00000000ff000000 (options '')
        printk: bootconsole [cdns0] enabled
        efi: Getting EFI parameters from FDT:
        efi: UEFI not found.
        cma: Reserved 16 MiB at 0x000000007ec00000
        psci: probing for conduit method from DT.
        psci: PSCIv1.1 detected in firmware.
        psci: Using standard PSCI v0.2 function IDs
        psci: MIGRATE_INFO_TYPE not supported.
        psci: SMC Calling Convention v1.1
        percpu: Embedded 30 pages/cpu s83416 r8192 d31272 u122880
        Detected VIPT I-cache on CPU0
        CPU features: detected: ARM erratum 845719
        Speculative Store Bypass Disable mitigation not required
        Built 1 zonelists, mobility grouping on.  Total pages: 1031940
        Kernel command line: console=ttyPS0,115200 root=/dev/mmcblk0p3 rw
        rootwait earlycon=cdns,mmio,0xFF000000 clk_ignore_unused ip=dhcp
        Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes)
        Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes)
        software IO TLB: mapped [mem 0x7ac00000-0x7ec00000] (64MB)
        Memory: 4013572K/4193280K available (10748K kernel code, 1210K rwdata,
        2764K rodata, 1216K init, 757K bss, 163324K reserved, 16384K
        cma-reserved)
        SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
        ftrace: allocating 36121 entries in 142 pages
        rcu: Preemptible hierarchical RCU implementation.
        rcu:    RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=4.
    	     Tasks RCU enabled.
        rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies.
        rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=4
        NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
        GIC: Adjusting CPU interface base to 0x00000000f902f000
        GIC: Using split EOI/Deactivate mode
        random: get_random_bytes called from start_kernel+0x328/0x4c4 with
        crng_init=0
        arch_timer: cp15 timer(s) running at 99.99MHz (phys).
        clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles:
        0x170f8de2d3, max_idle_ns: 440795206112 ns
        sched_clock: 56 bits at 99MHz, resolution 10ns, wraps every
        4398046511101ns
        Console: colour dummy device 80x25
        Calibrating delay loop (skipped), value calculated using timer
        frequency.. 199.98 BogoMIPS (lpj=399960)
        pid_max: default: 32768 minimum: 301
        LSM: Security Framework initializing
        Mount-cache hash table entries: 8192 (order: 4, 65536 bytes)
        Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes)
        *** VALIDATE proc ***
        *** VALIDATE cgroup1 ***
        *** VALIDATE cgroup2 ***
        ASID allocator initialised with 32768 entries
        rcu: Hierarchical SRCU implementation.
        EFI services will not be available.
        smp: Bringing up secondary CPUs ...
        Detected VIPT I-cache on CPU1
        CPU1: Booted secondary processor 0x0000000001 [0x410fd034]
        Detected VIPT I-cache on CPU2
        CPU2: Booted secondary processor 0x0000000002 [0x410fd034]
        Detected VIPT I-cache on CPU3
        CPU3: Booted secondary processor 0x0000000003 [0x410fd034]
        smp: Brought up 1 node, 4 CPUs
        SMP: Total of 4 processors activated.
        CPU features: detected: 32-bit EL0 Support
        CPU features: detected: CRC32 instructions
        CPU: All CPU(s) started at EL2
        alternatives: patching kernel code
        devtmpfs: initialized
        clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff,
        max_idle_ns: 7645041785100000 ns
        futex hash table entries: 1024 (order: 4, 65536 bytes)
        xor: measuring software checksum speed
    	8regs     :  2360.000 MB/sec
    	32regs    :  2706.000 MB/sec
    	arm64_neon:  2018.000 MB/sec
        xor: using function: 32regs (2706.000 MB/sec)
        DMI not present or invalid.
        NET: Registered protocol family 16
        cpuidle: using governor ladder
        hw-breakpoint: found 6 breakpoint and 4 watchpoint registers.
        DMA: preallocated 256 KiB pool for atomic allocations
        console [ttyPS0] enabled 0xff000000 (irq = 33, base_baud =
        6250000) is a xuartps
        printk: console [ttyPS0] enabled
        printk: bootconsole [cdns0] disabled
        printk: bootconsole [cdns0] disabled
        ff010000.serial: ttyPS1 at MMIO 0xff010000 (irq = 34, base_baud =
        6250000) is a xuartps
        HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages
        HugeTLB registered 32.0 MiB page size, pre-allocated 0 pages
        HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
        HugeTLB registered 64.0 KiB page size, pre-allocated 0 pages
        raid6: neonx8   gen()  1518 MB/s
        raid6: neonx8   xor()  1442 MB/s
        raid6: neonx4   gen()  1471 MB/s
        raid6: neonx4   xor()  1409 MB/s
        raid6: neonx2   gen()  1128 MB/s
        raid6: neonx2   xor()  1175 MB/s
        raid6: neonx1   gen()   737 MB/s
        raid6: neonx1   xor()   887 MB/s
        raid6: int64x8  gen()  1166 MB/s
        raid6: int64x8  xor()   763 MB/s
        raid6: int64x4  gen()   983 MB/s
        raid6: int64x4  xor()   739 MB/s
        raid6: int64x2  gen()   683 MB/s
        raid6: int64x2  xor()   601 MB/s
        raid6: int64x1  gen()   452 MB/s
        raid6: int64x1  xor()   462 MB/s
        raid6: using algorithm neonx8 gen() 1518 MB/s
        raid6: .... xor() 1442 MB/s, rmw enabled
        raid6: using neon recovery algorithm
        vgaarb: loaded
        SCSI subsystem initialized
        usbcore: registered new interface driver usbfs
        usbcore: registered new interface driver hub
        usbcore: registered new device driver usb
        media: Linux media interface: v0.10
        videodev: Linux video capture interface: v2.00
        pps_core: LinuxPPS API ver. 1 registered
        pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti
        <giometti at linux.it>
        PTP clock support registered
        EDAC MC: Ver: 3.0.0
        FPGA manager framework
        clocksource: Switched to clocksource arch_sys_counter
        *** VALIDATE hugetlbfs ***
        NET: Registered protocol family 2
        tcp_listen_portaddr_hash hash table entries: 2048 (order: 3, 32768
        bytes)
        TCP established hash table entries: 32768 (order: 6, 262144 bytes)
        TCP bind hash table entries: 32768 (order: 7, 524288 bytes)
        TCP: Hash tables configured (established 32768 bind 32768)
        UDP hash table entries: 2048 (order: 4, 65536 bytes)
        UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes)
        NET: Registered protocol family 1
        RPC: Registered named UNIX socket transport module.
        RPC: Registered udp transport module.
        RPC: Registered tcp transport module.
        RPC: Registered tcp NFSv4.1 backchannel transport module.
        PCI: CLS 0 bytes, default 64
        hw perfevents: no interrupt-affinity property for /pmu, guessing.
        hw perfevents: enabled with armv8_pmuv3 PMU driver, 7 counters available
        kprobes: failed to populate blacklist: -22
        Please take care of using kprobes.
        workingset: timestamp_bits=46 max_order=20 bucket_order=0
        NFS: Registering the id_resolver key type
        Key type id_resolver registered
        Key type id_legacy registered
        jffs2: version 2.2. © 2001-2006 Red Hat, Inc.
        Block layer SCSI generic (bsg) driver version 0.4 loaded (major 246)
        io scheduler mq-deadline registered
        io scheduler kyber registered
        nwl-pcie fd0e0000.pcie: Link is DOWN
        nwl-pcie fd0e0000.pcie: host bridge /amba/pcie@fd0e0000 ranges:
        nwl-pcie fd0e0000.pcie:   MEM 0xe0000000..0xefffffff -> 0xe0000000
        nwl-pcie fd0e0000.pcie:   MEM 0x600000000..0x7ffffffff -> 0x600000000
        nwl-pcie fd0e0000.pcie: PCI host bridge to bus 0000:00
        pci_bus 0000:00: root bus resource [bus 00-ff]
        pci_bus 0000:00: root bus resource [mem 0xe0000000-0xefffffff]
        pci_bus 0000:00: root bus resource [mem 0x600000000-0x7ffffffff pref]
        pci 0000:00:00.0: [10ee:d021] type 01 class 0x060400
        pci 0000:00:00.0: PME# supported from D0 D1 D2 D3hot
        pci 0000:00:00.0: PCI bridge to [bus 01-0c]
        pcieport 0000:00:00.0: PME: Signaling with IRQ 37
        xilinx-zynqmp-dma fd500000.dma: ZynqMP DMA driver Probe success
        xilinx-zynqmp-dma fd510000.dma: ZynqMP DMA driver Probe success
        xilinx-zynqmp-dma fd520000.dma: ZynqMP DMA driver Probe success
        xilinx-zynqmp-dma fd530000.dma: ZynqMP DMA driver Probe success
        xilinx-zynqmp-dma fd540000.dma: ZynqMP DMA driver Probe success
        xilinx-zynqmp-dma fd550000.dma: ZynqMP DMA driver Probe success
        xilinx-zynqmp-dma fd560000.dma: ZynqMP DMA driver Probe success
        xilinx-zynqmp-dma fd570000.dma: ZynqMP DMA driver Probe success
        cacheinfo: Unable to detect cache hierarchy for CPU 0
        brd: module loaded
        loop: module loaded
        ahci-ceva fd0c0000.ahci: AHCI 0001.0301 32 slots 2 ports 6 Gbps 0x3 impl
        platform mode
        ahci-ceva fd0c0000.ahci: flags: 64bit ncq sntf pm clo only pmp fbs pio
        slum part ccc sds apst
        scsi host0: ahci-ceva
        scsi host1: ahci-ceva
        ata1: SATA max UDMA/133 mmio [mem 0xfd0c0000-0xfd0c1fff] port 0x100 irq
        31
        ata2: SATA max UDMA/133 mmio [mem 0xfd0c0000-0xfd0c1fff] port 0x180 irq
        31
        libphy: Fixed MDIO Bus: probed
        CAN device driver interface
        libphy: MACB_mii_bus: probed
        Generic PHY ff0e0000.ethernet-ffffffff:0c: attached PHY driver [Generic
        PHY] (mii_bus:phy_addr=ff0e0000.ethernet-ffffffff:0c, irq=POLL)
        macb ff0e0000.ethernet eth0: Cadence GEM rev 0x50070106 at 0xff0e0000
        irq 20 (00:0a:35:04:9a:86)
        dwc3 fe200000.usb: Failed to get clk 'ref': -2
        dwc3 fe200000.usb: Configuration mismatch. dr_mode forced to host
        xhci-hcd xhci-hcd.0.auto: xHCI Host Controller
        xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 1
        xhci-hcd xhci-hcd.0.auto: hcc params 0x0238f625 hci version 0x100 quirks
        0x0000000002010010
        xhci-hcd xhci-hcd.0.auto: irq 35, io mem 0xfe200000
        hub 1-0:1.0: USB hub found
        hub 1-0:1.0: 1 port detected
        xhci-hcd xhci-hcd.0.auto: xHCI Host Controller
        xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 2
        xhci-hcd xhci-hcd.0.auto: Host supports USB 3.0  SuperSpeed
        usb usb2: We don't know the algorithms for LPM for this host, disabling
        LPM.
        hub 2-0:1.0: USB hub found
        hub 2-0:1.0: 1 port detected
        usbcore: registered new interface driver usb-storage
        rtc_zynqmp ffa60000.rtc: registered as rtc0
        pca953x 0-0020: 0-0020 supply vcc not found, using dummy regulator
        GPIO line 322 (sel0) hogged as output/low
        GPIO line 323 (sel1) hogged as output/high
        GPIO line 324 (sel2) hogged as output/high
        GPIO line 325 (sel3) hogged as output/high
        pca953x 0-0021: 0-0021 supply vcc not found, using dummy regulator
        cdns-i2c ff020000.i2c: 400 kHz mmio ff020000 irq 22
        cdns-i2c ff030000.i2c: 400 kHz mmio ff030000 irq 23
        i2c i2c-0: Added multiplexed i2c bus 2
        i2c i2c-0: Added multiplexed i2c bus 3
        i2c i2c-0: Added multiplexed i2c bus 4
        i2c i2c-0: Added multiplexed i2c bus 5
        pca954x 0-0075: registered 4 multiplexed busses for I2C mux pca9544
        at24 6-0054: 1024 byte 24c08 EEPROM, writable, 1 bytes/write
        i2c i2c-1: Added multiplexed i2c bus 6
        i2c i2c-7: of_i2c: modalias failure on
        /amba/i2c@ff030000/i2c-mux@74/i2c@1/clock-generator@36
        i2c i2c-7: Failed to create I2C device for
        /amba/i2c@ff030000/i2c-mux@74/i2c@1/clock-generator@36
        i2c i2c-1: Added multiplexed i2c bus 7
        si570 8-005d: registered, current frequency 300000000 Hz
        i2c i2c-1: Added multiplexed i2c bus 8
        si570 9-005d: clock registration failed
        si570: probe of 9-005d failed with error -17
        i2c i2c-1: Added multiplexed i2c bus 9
        i2c i2c-10: of_i2c: modalias failure on
        /amba/i2c@ff030000/i2c-mux@74/i2c@4/clock-generator@69
        i2c i2c-10: Failed to create I2C device for
        /amba/i2c@ff030000/i2c-mux@74/i2c@4/clock-generator@69
        i2c i2c-1: Added multiplexed i2c bus 10
        i2c i2c-1: Added multiplexed i2c bus 11
        i2c i2c-1: Added multiplexed i2c bus 12
        i2c i2c-1: Added multiplexed i2c bus 13
        pca954x 1-0074: registered 8 multiplexed busses for I2C switch pca9548
        i2c i2c-1: Added multiplexed i2c bus 14
        i2c i2c-1: Added multiplexed i2c bus 15
        i2c i2c-1: Added multiplexed i2c bus 16
        i2c i2c-1: Added multiplexed i2c bus 17
        i2c i2c-1: Added multiplexed i2c bus 18
        i2c i2c-1: Added multiplexed i2c bus 19
        i2c i2c-1: Added multiplexed i2c bus 20
        i2c i2c-1: Added multiplexed i2c bus 21
        pca954x 1-0075: registered 8 multiplexed busses for I2C switch pca9548
        ina2xx 2-0040: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 2-0041: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 2-0042: power monitor ina226 (Rshunt = 5000 uOhm)
        ata1: SATA link down (SStatus 0 SControl 330)
        ina2xx 2-0043: power monitor ina226 (Rshunt = 5000 uOhm)
        ata2: SATA link down (SStatus 0 SControl 330)
        ina2xx 2-0044: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 2-0045: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 2-0046: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 2-0047: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 2-004a: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 2-004b: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 3-0040: power monitor ina226 (Rshunt = 2000 uOhm)
        ina2xx 3-0041: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 3-0042: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 3-0043: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 3-0044: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 3-0045: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 3-0046: power monitor ina226 (Rshunt = 5000 uOhm)
        ina2xx 3-0047: power monitor ina226 (Rshunt = 5000 uOhm)
        cdns-wdt fd4d0000.watchdog: Xilinx Watchdog Timer at (____ptrval____)
        with timeout 10s
        device-mapper: ioctl: 4.40.0-ioctl (2019-01-18) initialised:
        dm-devel at redhat.com
        EDAC MC: ECC not enabled
        cpu cpu0: failed to get clock: -2
        cpufreq-dt: probe of cpufreq-dt failed with error -2
        sdhci: Secure Digital Host Controller Interface driver
        sdhci: Copyright(c) Pierre Ossman
        sdhci-pltfm: SDHCI platform and OF driver helper
        mmc0: SDHCI controller on ff170000.mmc [ff170000.mmc] using ADMA 64-bit
        usbcore: registered new interface driver usbhid
        usbhid: USB HID core driver
        u32 classifier
    	 Actions configured
        NET: Registered protocol family 10
        Segment Routing with IPv6
        sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
        NET: Registered protocol family 17
        can: controller area network core (rev 20170425 abi 9)
        NET: Registered protocol family 29
        can: raw protocol (rev 20170425)
        can: broadcast manager protocol (rev 20170425 t)
        can: netlink gateway (rev 20170425) max_hops=1
        Key type dns_resolver registered
        registered taskstats version 1
        Btrfs loaded, crc32c=crc32c-generic
        Key type encrypted registered
        printk: console [netcon0] enabled
        netconsole: network logging started
        rtc_zynqmp ffa60000.rtc: setting system clock to 2019-06-06T03:39:58 UTC
        (1559792398)
        macb ff0e0000.ethernet eth0: link up (1000/Full)
        pps pps0: new PPS source ptp0
        macb ff0e0000.ethernet: gem-ptp-timer ptp clock registered.
        IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
        mmc0: Problem switching card into high-speed mode!
        mmc0: new SDHC card at address 0001
        mmcblk0: mmc0:0001 SD16G 14.5 GiB
        Sending DHCP requests .
          mmcblk0: p1 p2 p3
        , OK
        IP-Config: Complete:
    	  device=eth0, hwaddr=00:0a:35:04:9a:86, ipaddr=xxxxx,
        mask=255.255.254.0
    	  host=xxx, domain=corp.ad.wrs.com, nis-domain=swamp
    	  bootserver=0.0.0.0, rootserver=0.0.0.0, rootpath=
    
        clk: Not disabling unused clocks
        md: Waiting for all devices to be available before autodetect
        md: If you don't use raid, use raid=noautodetect
        md: Autodetecting RAID arrays.
        md: autorun ...
        md: ... autorun DONE.
        EXT4-fs (mmcblk0p3): mounted filesystem with ordered data mode. Opts:
        (null)
        VFS: Mounted root (ext4 filesystem) on device 179:3.
        devtmpfs: mounted
        Freeing unused kernel memory: 1216K
        Run /sbin/init as init process
        random: fast init done
        systemd[1]: systemd 242-19-gdb2e367+ running in system mode. (+PAM
        -AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP
        -GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN
        -)
        systemd[1]: Detected architecture arm64.
    
        Welcome to Wind River Linux development 19.23 Update 0!
    
        systemd[1]: Set hostname to <xilinx-zynqmp>.
        random: systemd: uninitialized urandom read (16 bytes read)
        systemd[1]: Initializing machine ID from random generator.
        systemd[1]: Failed to bump fs.file-max, ignoring: Invalid argument
        systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= references
        a path below legacy directory /var/run/, updating
        /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please
        update the unit f.
        systemd[1]: /lib/systemd/system/rpcbind.socket:4: ListenStream=
        references a path below legacy directory /var/run/, updating
        /var/run/rpcbind.sock → /run/rpcbind.sock; please update the unit file
        accordingly.
        random: systemd: uninitialized urandom read (16 bytes read)
        systemd[1]: Listening on Journal Socket (/dev/log).
        [  OK  ] Listening on Journal Socket (/dev/log).
        random: systemd: uninitialized urandom read (16 bytes read)
        systemd[1]: Listening on Syslog Socket.
        [  OK  ] Listening on Syslog Socket.
        systemd[1]: Listening on udev Kernel Socket.
        [  OK  ] Listening on udev Kernel Socket.
        [  OK  ] Listening on udev Control Socket.
        [  OK  ] Created slice User and Session Slice.
        [  OK  ] Listening on initctl Compatibility Named Pipe.
        [  OK  ] Reached target Swap.
        [  OK  ] Created slice system-serial\x2dgetty.slice.
        [  OK  ] Reached target Slices.
        [  OK  ] Listening on Journal Socket.
    	      Starting udev Coldplug all Devices...
    	      Mounting POSIX Message Queue File System...
    	      Mounting Temporary Directory (/tmp)...
    	      Starting Journal Service...
    	      Starting Remount Root and Kernel File Systems...
    	      Mounting Kernel Debug File System...
        EXT4-fs (mmcblk0p3): re-mounted. Opts: (null)
    	      Starting Create list of re…odes for the current kernel...
        [  OK  ] Started Forward Password R…uests to Wall Directory Watch.
        [  OK  ] Reached target Remote File Systems.
        [  OK  ] Listening on Network Service Netlink Socket.
    	      Starting Apply Kernel Variables...
        [  OK  ] Started Dispatch Password …ts to Console Directory Watch.
        [  OK  ] Reached target Paths.
        [  OK  ] Created slice system-getty.slice.
    	      Mounting Huge Pages File System...
        [  OK  ] Started Journal Service.
        [  OK  ] Mounted POSIX Message Queue File System.
        [  OK  ] Mounted Temporary Directory (/tmp).
        [  OK  ] Started Remount Root and Kernel File Systems.
        [  OK  ] Mounted Kernel Debug File System.
        [  OK  ] Started Create list of req… nodes for the current kernel.
        [  OK  ] Started Apply Kernel Variables.
        [  OK  ] Mounted Huge Pages File System.
    	      Starting Create System Users...
    	      Starting Rebuild Hardware Database...
    	      Starting Flush Journal to Persistent Storage...
        [  OK  ] Started udev Coldplug all Devices.
        systemd-journald[148]: Received request to flush runtime journal from
        PID 1
        [  OK  ] Started Flush Journal to Persistent Storage.
        [  OK  ] Started Create System Users.
    	      Starting Create Static Device Nodes in /dev...
        [  OK  ] Started Create Static Device Nodes in /dev.
        [  OK  ] Reached target Local File Systems (Pre).
    	      Mounting /var/volatile...
        [  OK  ] Mounted /var/volatile.
        [  OK  ] Reached target Local File Systems.
    	      Starting Create Volatile Files and Directories...
    	      Starting Load/Save Random Seed...
        [  OK  ] Started Load/Save Random Seed.
        [  OK  ] Started Create Volatile Files and Directories.
    	      Starting Network Time Synchronization...
    	      Starting Rebuild Journal Catalog...
    	      Starting Update UTMP about System Boot/Shutdown...
    	      Starting Run pending postinsts...
        [  OK  ] Started Update UTMP about System Boot/Shutdown.
        [  OK  ] Started Network Time Synchronization.
        [  OK  ] Reached target System Time Set.
        [  OK  ] Reached target System Time Synchronized.
        [  OK  ] Started Rebuild Journal Catalog.
        [  OK  ] Started Run pending postinsts.
        [  OK  ] Started Rebuild Hardware Database.
    	      Starting udev Kernel Device Manager...
    	      Starting Update is Completed...
        [  OK  ] Started Update is Completed.
        [  OK  ] Started udev Kernel Device Manager.
        [  OK  ] Reached target System Initialization.
    	      Starting Console System Startup Logging...
        [  OK  ] Listening on RPCbind Server Activation Socket.
        [  OK  ] Listening on D-Bus System Message Bus Socket.
        [  OK  ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
        [  OK  ] Listening on dropbear.socket.
        [  OK  ] Reached target Sockets.
        [  OK  ] Reached target Basic System.
        [  OK  ] Started System Logging Service.
        [  OK  ] Started Dynamic Host Configuration Protocol (DHCP).
        [  OK  ] Started Kernel Logging Service.
    	      Starting Login Service...
        [  OK  ] Started D-Bus System Message Bus.
        [  OK  ] Started Xserver startup without a display manager.
        [  OK  ] Started Daily Cleanup of Temporary Directories.
        [  OK  ] Reached target Timers.
    	      Starting Telephony service...
    	      Starting Network Service...
        [  OK  ] Started Console System Startup Logging.
        [  OK  ] Found device /dev/ttyPS0.
        [  OK  ] Listening on Load/Save RF …itch Status /dev/rfkill Watch.
        [  OK  ] Started Network Service.
    	      Starting Network Name Resolution...
        [  OK  ] Started Login Service.
        [  OK  ] Started Network Name Resolution.
        [  OK  ] Started Telephony service.
        [  OK  ] Reached target Network.
    	      Starting Berkeley Internet Name Domain (DNS)...
    	      Starting /etc/rc.local Compatibility...
    	      Starting Permit User Sessions...
    	      Starting Avahi mDNS/DNS-SD Stack...
        [  OK  ] Started /etc/rc.local Compatibility.
        [  OK  ] Started Permit User Sessions.
        [  OK  ] Started Getty on tty1.
        [  OK  ] Started Serial Getty on ttyPS0.
        [  OK  ] Started Avahi mDNS/DNS-SD Stack.
        [  OK  ] Started Berkeley Internet Name Domain (DNS).
        [  OK  ] Reached target Host and Network Name Lookups.
    
        Wind River Linux development 19.23 Update 0 xilinx-zynqmp ttyPS0
    
        xilinx-zynqmp login: root
        root@xilinx-zynqmp:~# uname 0a
        uname: extra operand '0a'
        Try 'uname --help' for more information.
        root@xilinx-zynqmp:~# uname -a
        Linux xilinx-zynqmp 5.2.0-rc3-yoctodev-standard #1 SMP PREEMPT Thu Jun 6
        00:53:26 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux
    
    (From OE-Core rev: b0dc58f535a27be6c649dcf336c7dc0cdb23d96b)
    
    Signed-off-by: Zumeng Chen <zchen at windriver.com>
    Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit c5d2ca323a255f09c7b3378af5956671205867f4
Author: Zang Ruochen <zangrc.fnst at cn.fujitsu.com>
Date:   Tue Oct 29 10:47:15 2019 +0100

    gnutls:upgrade 3.6.7 -> 3.6.8
    
    -Upgrade from gnutls_3.6.7.bb to gnutls_3.6.8.bb.
    
    Signed-off-by: Zang Ruochen <zangrc.fnst at cn.fujitsu.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    (cherry picked from commit b34486a616ab4d4b30247a5dff58a18ef26ed709)
    [Bug fix only update.
    Including: CVE-2019-3836 CVE-2019-3829
    https://lists.gnupg.org/pipermail/gnutls-help/2019-May/004527.html]
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 6ab0206b8252755367f2357f49007dd78336fec0
Author: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov at mentor.com>
Date:   Tue Oct 29 10:47:14 2019 +0100

    kernel.bbclass: fix installation of modules signing certificates
    
    If one has provided external key/certificate for modules signing, Kbuild
    will skip creating signing_key.pem and will write only signing_key.x509
    certificate. Thus we have to check for .x509 file existence rather than
    .pem one.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov at mentor.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    (cherry picked from commit 2527e731eba43bd36d0ea268aca6b03155376134)
    Signed-off-by: Nicolas Dechesne <nicolas.dechesne at linaro.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

-----------------------------------------------------------------------

Summary of changes:
 meta/classes/kernel.bbclass                        |   2 +-
 .../recipes-connectivity/openssl/openssl_1.1.1b.bb |   2 +-
 meta/recipes-devtools/go/go-1.12.inc               |   1 +
 ...nch.go1.12-security-net-textproto-don-t-n.patch | 163 ++++++++++
 meta/recipes-devtools/python/python.inc            |   5 +
 ...55-Dont-parse-domains-containing-GH-13079.patch |  90 ++++++
 .../python/python/bpo-36742-cve-2019-10160.patch   |  81 +++++
 meta/recipes-devtools/python/python3_3.7.4.bb      |   2 +-
 meta/recipes-devtools/python/python_2.7.16.bb      |   9 +-
 ...qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} |   0
 ...tive_3.1.0.bb => qemu-system-native_3.1.1.1.bb} |   0
 meta/recipes-devtools/qemu/qemu.inc                |  14 +-
 .../0001-egl-headless-add-egl_create_context.patch |  50 ----
 .../qemu/qemu/0014-fix-CVE-2018-16872.patch        |  85 ------
 .../qemu/qemu/0015-fix-CVE-2018-20124.patch        |  60 ----
 .../qemu/qemu/0016-fix-CVE-2018-20125.patch        |  54 ----
 .../qemu/qemu/0017-fix-CVE-2018-20126.patch        | 113 -------
 .../qemu/qemu/0018-fix-CVE-2018-20191.patch        |  47 ---
 .../qemu/qemu/0019-fix-CVE-2018-20216.patch        |  85 ------
 .../qemu/qemu/CVE-2018-20815.patch                 |  38 ---
 .../recipes-devtools/qemu/qemu/CVE-2019-3812.patch |  39 ---
 .../recipes-devtools/qemu/qemu/CVE-2019-8934.patch | 215 -------------
 .../qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb}        |   0
 .../sudo/sudo/CVE-2019-14287-1.patch               | 178 +++++++++++
 .../sudo/sudo/CVE-2019-14287-2.patch               | 112 +++++++
 meta/recipes-extended/sudo/sudo_1.8.27.bb          |   2 +
 meta/recipes-kernel/linux/linux-yocto-dev.bb       |   2 +-
 meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb   |   4 +-
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb    |   6 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb |   2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb  |   6 +-
 meta/recipes-kernel/linux/linux-yocto_4.19.bb      |   4 +-
 meta/recipes-kernel/linux/linux-yocto_5.0.bb       |  21 +-
 .../gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb}    |   4 +-
 .../libcroco/libcroco/CVE-2017-8834_71.patch       |  38 +++
 meta/recipes-support/libcroco/libcroco_0.6.12.bb   |   1 +
 .../files/0001-Prefetch-GCM-look-up-tables.patch   |  90 ++++++
 ...ok-up-tables-to-.data-section-and-unshare.patch | 332 +++++++++++++++++++++
 ...ok-up-table-to-.data-section-and-unshare-.patch | 178 +++++++++++
 meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb  |   3 +
 40 files changed, 1307 insertions(+), 831 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
 create mode 100644 meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
 create mode 100644 meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
 rename meta/recipes-devtools/qemu/{qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} (100%)
 rename meta/recipes-devtools/qemu/{qemu-system-native_3.1.0.bb => qemu-system-native_3.1.1.1.bb} (100%)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
 rename meta/recipes-devtools/qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb} (100%)
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch
 rename meta/recipes-support/gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb} (93%)
 create mode 100644 meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch


hooks/post-receive
-- 


