[Git][cip-project/cip-kernel/cip-kernel-sec][master] 7 commits: Import more data

Agustin Benito Bethencourt
 

Ben Hutchings pushed to branch master at cip-project / cip-kernel / cip-kernel-sec

Commits:

  • 459fd073
    by Ben Hutchings at 2019-08-14T18:28:58Z
    Import more data
    
    
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
    
  • 79ccb47e
    by Ben Hutchings at 2019-08-14T18:29:49Z
    Delete duplicate of CVE-2017-18509
    
    
    
    This issue was assigned CVE-2017-18509 and renamed in Debian's
    kernel_sec repo, but import_debian.py isn't smart enough to handle
    name changes.
    
    
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
    
  • 36b13fa6
    by Ben Hutchings at 2019-08-14T18:42:23Z
    Record stable fixes for CVE-2019-1125
    
    
    
    The stable commits don't correspond 1:1 to the upstream fixes:
    
    - The documentation update couldn't be applied to some branches, and
      isn't strictly needed
    - In some backports the JMPQ→JMP fix was squashed into the patch that
      it fixes
    
    
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
    
  • c2f5ee8a
    by Ben Hutchings at 2019-08-14T18:45:35Z
    Record introduced-by commits for the TCP reconnect use-after-free
    
    
    
    This is a stable-only issue so import_stable.py can't handle it
    automatically.
    
    
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
    
  • efde8891
    by Ben Hutchings at 2019-08-14T18:53:14Z
    Update fixed-by commits for CVE-2019-10638
    
    
    
    As I understand it, the complete fix for weak randomisation of IP ID
    generation was to switch from jhash to siphash.  The previously
    identified commits improved it a bit but not enough to consider this
    fixed.
    
    
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
    
  • e0079ecc
    by Ben Hutchings at 2019-08-15T19:49:05Z
    Record fixed-by commit for CVE-2019-14763
    
    
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
    
  • a0b90b8d
    by Ben Hutchings at 2019-08-19T13:45:42Z
    Merge branch 'bwh/update-issues' into 'master'
    
    
    
    Update issues
    
    
    
    See merge request cip-project/cip-kernel/cip-kernel-sec!5

30 changed files:

The diff was not included because it is too large.


[Git][cip-project/cip-kernel/cip-kernel-sec] Deleted branch bwh/web-report-affected

Agustin Benito Bethencourt
 

Ben Hutchings deleted branch bwh/web-report-affected at cip-project / cip-kernel / cip-kernel-sec


[Git][cip-project/cip-kernel/cip-kernel-sec][master] 3 commits: webview: Add "open issues" page similar to default report_affected output

Agustin Benito Bethencourt
 

Ben Hutchings pushed to branch master at cip-project / cip-kernel / cip-kernel-sec

Commits:

  • bc3d6315
    by Ben Hutchings at 2019-08-15T15:01:34Z
    webview: Add "open issues" page similar to default report_affected output
    
    The new page shows a table of open issues with the status for each
    branch.
    
    * Expose the page at /issue/open/
    * Link to it from the root
    * Align text to the left in the heading row
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
  • b72bc3f4
    by Ben Hutchings at 2019-08-15T15:40:50Z
    webview: Make open issues table headings "sticky"
    
    The open issues table can easily be larger than a browser window.
    Style the table headings for this table so that they don't scroll
    away (in either dimension).
    
    Tested with Firefox 60.8.0esr and 73.0.3683.75, and should be
    compatible with current Edge and Safari.
    
    Signed-off-by: Ben Hutchings <ben.hutchings@...>
    
  • 3c031569
    by Ben Hutchings at 2019-08-19T13:45:16Z
    Merge branch 'bwh/web-report-affected' into 'master'
    
    webview: Add "open issues" page similar to default report_affected output
    
    See merge request cip-project/cip-kernel/cip-kernel-sec!6

4 changed files:

Changes:

  • scripts/templates/open_issues.html
    1
    +<link rel="stylesheet" href="/static/style.css">
    
    2
    +<title>Open issues</title>
    
    3
    +<h1>Open issues</h1>
    
    4
    +<div class="table-container">
    
    5
    +  <table class="fixed-header">
    
    6
    +    <thead>
    
    7
    +      <tr>
    
    8
    +	<th/>
    
    9
    +	{% for name, _, _ in branches %}
    
    10
    +	<th>
    
    11
    +	  <a href="/branch/{{ name }}/">{{ name }}</a>
    
    12
    +	</th>
    
    13
    +	{% endfor %}
    
    14
    +      </tr>
    
    15
    +    </thead>
    
    16
    +    {% for cve_id, issue in cve_ids %}
    
    17
    +    <tr>
    
    18
    +      <th>
    
    19
    +	<a href="/issue/{{ cve_id }}/">{{ cve_id }}</a>
    
    20
    +      </th>
    
    21
    +      {% for name, branch, affected in branches %}
    
    22
    +      {% if not affected[cve_id] %}
    
    23
    +      {% if issue['fixed-by'] and issue['fixed-by'][name] %}
    
    24
    +      <td class="good">fixed</td>
    
    25
    +      {% else %}
    
    26
    +      <td class="good">never affected</td>
    
    27
    +      {% endif %}
    
    28
    +      {% else %}
    
    29
    +      {% if issue.ignore and (issue.ignore.all or issue.ignore[name]) %}
    
    30
    +      <td class="ignored">ignored</td>
    
    31
    +      {% else %}
    
    32
    +      <td class="bad">vulnerable</td>
    
    33
    +      {% endif %}
    
    34
    +      {% endif %}
    
    35
    +      {% endfor %}
    
    36
    +    </tr>
    
    37
    +    {% endfor %}
    
    38
    +  </table>
    
    39
    +</div>
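
    Review bot: {{ name }} (line 11) and {{ cve_id }} (line 19) are written into href attributes and link text with no escape filter, so the output is only safe if _template_env has autoescape enabled, and that configuration is not part of this change. Either confirm autoescape is on for .html templates or apply |urlencode in the href and |e in the link text. Separately, <th/> on line 8 is not a void element in HTML; write <th></th>.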

  • scripts/templates/root.html
    ... ... @@ -2,5 +2,7 @@
    2 2
     <title>Kernel security tracker</title>
    
    3 3
     <h1>Kernel security tracker</h1>
    
    4 4
     <p>
    
    5
    -  <a href="branch/">View branches</a> | <a href="issue/">View issues</a>
    
    5
    +  <a href="branch/">View branches</a> |
    
    6
    +  <a href="issue/open/">View open issues</a> |
    
    7
    +  <a href="issue/">View all issues</a>
    
    6 8
     </p>

  • scripts/templates/style.css
    ... ... @@ -38,7 +38,33 @@ th {
    38 38
         vertical-align: top;
    
    39 39
         white-space: nowrap;
    
    40 40
     }
    
    41
    +thead th {
    
    42
    +    text-align: left;
    
    43
    +}
    
    41 44
     th, td {
    
    42 45
         padding-left: 0.5em;
    
    43 46
         padding-right: 0.5em;
    
    44 47
     }
    
    48
    +
    
    49
    +/*
    
    50
    + * Stop table headings scrolling away using position: sticky; see
    
    51
    + * <https://stackoverflow.com/questions/11891065/>.
    
    52
    + */
    
    53
    +table-container {
    
    54
    +    display: inline-block;
    
    55
    +    overflow: auto;
    
    56
    +}
    
    57
    +table.fixed-header thead th {
    
    58
    +    position: -webkit-sticky;
    
    59
    +    position: sticky;
    
    60
    +    top: 0;
    
    61
    +    background-color: #ffffff;
    
    62
    +    background-clip: padding-box;
    
    63
    +}
    
    64
    +table.fixed-header tbody th {
    
    65
    +    position: -webkit-sticky;
    
    66
    +    position: sticky;
    
    67
    +    left: 0;
    
    68
    +    background-color: #ffffff;
    
    69
    +    background-clip: padding-box;
    
    70
    +}
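
    Review bot: the selector on line 53, table-container { ... }, is a type selector and matches no element; open_issues.html wraps the table in <div class="table-container">, so the rule needs a leading dot: .table-container { ... }. As written, display: inline-block and overflow: auto never apply, so the div does not become the scroll container for the sticky headings.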

  • scripts/webview.py
    1 1
     #!/usr/bin/python3
    
    2 2
     
    
    3
    -# Copyright 2018 Codethink Ltd.
    
    3
    +# Copyright 2018-2019 Codethink Ltd.
    
    4 4
     #
    
    5 5
     # This script is distributed under the terms and conditions of the GNU General
    
    6 6
     # Public License, Version 3 or later. See http://www.gnu.org/copyleft/gpl.html
    
    ... ... @@ -137,6 +137,43 @@ class Issue:
    137 137
                 remotes=self._root.remotes)
    
    138 138
     
    
    139 139
     
    
    140
    +class OpenIssues:
    
    141
    +    _template = _template_env.get_template('open_issues.html')
    
    142
    +
    
    143
    +    def __init__(self, root):
    
    144
    +        self._root = root
    
    145
    +
    
    146
    +    @cherrypy.expose
    
    147
    +    def index(self):
    
    148
    +        open_cve_ids = []
    
    149
    +        branches = [
    
    150
    +            (branch_name, self._root.branch_defs[branch_name], {})
    
    151
    +            for branch_name in self._root.branch_names
    
    152
    +        ]
    
    153
    +        for cve_id in _issue_cache.keys():
    
    154
    +            issue = _issue_cache[cve_id]
    
    155
    +            ignore = issue.get('ignore', {})
    
    156
    +            if 'all' in ignore:
    
    157
    +                continue
    
    158
    +            is_open = False
    
    159
    +            for branch_name, branch, affected in branches:
    
    160
    +                if kernel_sec.issue.affects_branch(
    
    161
    +                        issue, branch, self._root.is_commit_in_branch):
    
    162
    +                    affected[cve_id] = True
    
    163
    +                    if branch_name not in ignore:
    
    164
    +                        is_open = True
    
    165
    +            if is_open:
    
    166
    +                open_cve_ids.append(cve_id)
    
    167
    +
    
    168
    +        return self._template.render(
    
    169
    +            cve_ids=[
    
    170
    +                (cve_id, _issue_cache[cve_id])
    
    171
    +                for cve_id in sorted(open_cve_ids,
    
    172
    +                                     key=kernel_sec.issue.get_id_sort_key)
    
    173
    +            ],
    
    174
    +            branches=branches)
    
    175
    +
    
    176
    +
    
    140 177
     class Issues:
    
    141 178
         _template = _template_env.get_template('issues.html')
    
    142 179
     
    
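    Review bot: index() skips every issue that has 'all' in ignore (lines 156-157), so the issue.ignore.all test on line 29 of open_issues.html can never be true for a rendered row; drop one of the two or add a comment saying which is intended. index() also calls kernel_sec.issue.affects_branch for every issue and every branch on each request (lines 153-161); if that check is expensive, build the table once and cache it. A docstring stating what counts as "open" (affected on at least one branch where it is not ignored) would help the next reader.
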
    ... ... @@ -146,6 +183,8 @@ class Issues:
    146 183
         def _cp_dispatch(self, vpath):
    
    147 184
             if len(vpath) == 1 and vpath[0] in _issue_cache:
    
    148 185
                 return Issue(vpath.pop(), self._root)
    
    186
    +        if len(vpath) == 1 and vpath[0] == 'open':
    
    187
    +            return OpenIssues(self._root)
    
    149 188
             return vpath
    
    150 189
     
    
    151 190
         @cherrypy.expose
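
    Review bot: the new branch on lines 186-187 returns OpenIssues(self._root) without consuming the path segment, while the existing branch just above it uses vpath.pop(). Pop the segment here too before the return, so both branches hand the dispatcher the same remaining path. The 'open' test also runs after the _issue_cache lookup, so an issue named open would shadow this page; a one-line comment noting that the name is reserved would be enough.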
    


  • [Git][cip-project/cip-kernel/cip-kernel-sec][bwh/update-issues] Record fixed-by commit for CVE-2019-14763

    Agustin Benito Bethencourt
     

    Ben Hutchings pushed to branch bwh/update-issues at cip-project / cip-kernel / cip-kernel-sec

    Commits:

    • e0079ecc
      by Ben Hutchings at 2019-08-15T19:49:05Z
      Record fixed-by commit for CVE-2019-14763
      
      Signed-off-by: Ben Hutchings <ben.hutchings@...>
      

    1 changed file:

    Changes:

  • issues/CVE-2019-14763.yml
    ... ... @@ -20,6 +20,8 @@ comments:
    20 20
         c91815b59624.
    
    21 21
     reporters:
    
    22 22
     - Tuba Yavuz
    
    23
    +introduced-by:
    
    24
    +  mainline: [15b8d9332b927d76a0b26cf70c564756d1648133]
    
    23 25
     fixed-by:
    
    24 26
       linux-4.14.y: [59d3a952e4f3d505f9444e86db069081323351c7]
    
    25 27
       mainline: [c91815b596245fd7da349ecc43c8def670d2269e]
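
    Review bot: the commit subject says "Record fixed-by commit" but the hunk only adds introduced-by (new lines 23-24); both fixed-by entries are unchanged context. Reword the subject to say introduced-by so the history matches the data that changed.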


  • [Git][cip-project/cip-kernel/cip-kernel-sec][bwh/web-report-affected] webview: Make open issues table headings "sticky"

    Agustin Benito Bethencourt
     

    Ben Hutchings pushed to branch bwh/web-report-affected at cip-project / cip-kernel / cip-kernel-sec

    Commits:

    • b72bc3f4
      by Ben Hutchings at 2019-08-15T15:40:50Z
      webview: Make open issues table headings "sticky"
      
      The open issues table can easily be larger than a browser window.
      Style the table headings for this table so that they don't scroll
      away (in either dimension).
      
      Tested with Firefox 60.8.0esr and 73.0.3683.75, and should be
      compatible with current Edge and Safari.
      
      Signed-off-by: Ben Hutchings <ben.hutchings@...>
      

    2 changed files:

    Changes:

  • scripts/templates/open_issues.html
    1 1
     <link rel="stylesheet" href="/static/style.css">
    
    2 2
     <title>Open issues</title>
    
    3 3
     <h1>Open issues</h1>
    
    4
    -<table>
    
    5
    -  <thead>
    
    4
    +<div class="table-container">
    
    5
    +  <table class="fixed-header">
    
    6
    +    <thead>
    
    7
    +      <tr>
    
    8
    +	<th/>
    
    9
    +	{% for name, _, _ in branches %}
    
    10
    +	<th>
    
    11
    +	  <a href="/branch/{{ name }}/">{{ name }}</a>
    
    12
    +	</th>
    
    13
    +	{% endfor %}
    
    14
    +      </tr>
    
    15
    +    </thead>
    
    16
    +    {% for cve_id, issue in cve_ids %}
    
    6 17
         <tr>
    
    7
    -      <td/>
    
    8
    -      {% for name, _, _ in branches %}
    
    9 18
           <th>
    
    10
    -	<a href="/branch/{{ name }}/">{{ name }}</a>
    
    19
    +	<a href="/issue/{{ cve_id }}/">{{ cve_id }}</a>
    
    11 20
           </th>
    
    21
    +      {% for name, branch, affected in branches %}
    
    22
    +      {% if not affected[cve_id] %}
    
    23
    +      {% if issue['fixed-by'] and issue['fixed-by'][name] %}
    
    24
    +      <td class="good">fixed</td>
    
    25
    +      {% else %}
    
    26
    +      <td class="good">never affected</td>
    
    27
    +      {% endif %}
    
    28
    +      {% else %}
    
    29
    +      {% if issue.ignore and (issue.ignore.all or issue.ignore[name]) %}
    
    30
    +      <td class="ignored">ignored</td>
    
    31
    +      {% else %}
    
    32
    +      <td class="bad">vulnerable</td>
    
    33
    +      {% endif %}
    
    34
    +      {% endif %}
    
    12 35
           {% endfor %}
    
    13 36
         </tr>
    
    14
    -  </thead>
    
    15
    -  {% for cve_id, issue in cve_ids %}
    
    16
    -  <tr>
    
    17
    -    <th>
    
    18
    -      <a href="/issue/{{ cve_id }}/">{{ cve_id }}</a>
    
    19
    -    </th>
    
    20
    -    {% for name, branch, affected in branches %}
    
    21
    -    {% if not affected[cve_id] %}
    
    22
    -    {% if issue['fixed-by'] and issue['fixed-by'][name] %}
    
    23
    -    <td class="good">fixed</td>
    
    24
    -    {% else %}
    
    25
    -    <td class="good">never affected</td>
    
    26
    -    {% endif %}
    
    27
    -    {% else %}
    
    28
    -    {% if issue.ignore and (issue.ignore.all or issue.ignore[name]) %}
    
    29
    -    <td class="ignored">ignored</td>
    
    30
    -    {% else %}
    
    31
    -    <td class="bad">vulnerable</td>
    
    32
    -    {% endif %}
    
    33
    -    {% endif %}
    
    34 37
         {% endfor %}
    
    35
    -  </tr>
    
    36
    -  {% endfor %}
    
    37
    -</table>
    38
    +  </table>
    
    39
    +</div>
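
    Review bot: the body rows (new lines 16-37) sit directly inside <table> with no <tbody> element, yet the style.css rule added in the same commit targets table.fixed-header tbody th. That selector only matches because HTML parsers insert an implied tbody; wrap the {% for cve_id, issue in cve_ids %} loop in an explicit <tbody> so the template and the stylesheet agree.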

  • scripts/templates/style.css
    ... ... @@ -45,3 +45,26 @@ th, td {
    45 45
         padding-left: 0.5em;
    
    46 46
         padding-right: 0.5em;
    
    47 47
     }
    
    48
    +
    
    49
    +/*
    
    50
    + * Stop table headings scrolling away using position: sticky; see
    
    51
    + * <https://stackoverflow.com/questions/11891065/>.
    
    52
    + */
    
    53
    +table-container {
    
    54
    +    display: inline-block;
    
    55
    +    overflow: auto;
    
    56
    +}
    
    57
    +table.fixed-header thead th {
    
    58
    +    position: -webkit-sticky;
    
    59
    +    position: sticky;
    
    60
    +    top: 0;
    
    61
    +    background-color: #ffffff;
    
    62
    +    background-clip: padding-box;
    
    63
    +}
    
    64
    +table.fixed-header tbody th {
    
    65
    +    position: -webkit-sticky;
    
    66
    +    position: sticky;
    
    67
    +    left: 0;
    
    68
    +    background-color: #ffffff;
    
    69
    +    background-clip: padding-box;
    
    70
    +}
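
    Review bot: neither sticky rule sets z-index (lines 57-70), so where a pinned row heading passes under the pinned heading row the paint order falls back to document order, and the empty corner cell in thead gets top: 0 but no left: 0. Give thead th a higher z-index than tbody th and pin the corner cell in both directions.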


  • [Git][cip-project/cip-kernel/cip-kernel-sec][bwh/web-report-affected] 2 commits: webview: Add "open issues" page similar to default report_affected output

    Agustin Benito Bethencourt
     

    Ben Hutchings pushed to branch bwh/web-report-affected at cip-project / cip-kernel / cip-kernel-sec

    Commits:

    • bc3d6315
      by Ben Hutchings at 2019-08-15T15:01:34Z
      webview: Add "open issues" page similar to default report_affected output
      
      The new page shows a table of open issues with the status for each
      branch.
      
      * Expose the page at /issue/open/
      * Link to it from the root
      * Align text to the left in the heading row
      
      Signed-off-by: Ben Hutchings <ben.hutchings@...>
      
    • f5fbacbd
      by Ben Hutchings at 2019-08-15T15:33:32Z
      webview: Make open issues table headings "sticky"
      
      The open issues table can easily be larger than a browser window.
      Style the table headings for this table so that they don't scroll
      away (in either dimension).
      
      Tested with Firefox 60.8.0esr and 73.0.3683.75, and should be
      compatible with current Edge and Safari.
      
      Signed-off-by: Ben Hutchings <ben.hutchings@...>
      

    4 changed files:

    Changes:

  • scripts/templates/open_issues.html
    1
    +<link rel="stylesheet" href="/static/style.css">
    
    2
    +<title>Open issues</title>
    
    3
    +<h1>Open issues</h1>
    
    4
    +<div class="table-container">
    
    5
    +  <table class="fixed-header">
    
    6
    +    <thead>
    
    7
    +      <tr>
    
    8
    +	<td/>
    
    9
    +	{% for name, _, _ in branches %}
    
    10
    +	<th>
    
    11
    +	  <a href="/branch/{{ name }}/">{{ name }}</a>
    
    12
    +	</th>
    
    13
    +	{% endfor %}
    
    14
    +      </tr>
    
    15
    +    </thead>
    
    16
    +    {% for cve_id, issue in cve_ids %}
    
    17
    +    <tr>
    
    18
    +      <th>
    
    19
    +	<a href="/issue/{{ cve_id }}/">{{ cve_id }}</a>
    
    20
    +      </th>
    
    21
    +      {% for name, branch, affected in branches %}
    
    22
    +      {% if not affected[cve_id] %}
    
    23
    +      {% if issue['fixed-by'] and issue['fixed-by'][name] %}
    
    24
    +      <td class="good">fixed</td>
    
    25
    +      {% else %}
    
    26
    +      <td class="good">never affected</td>
    
    27
    +      {% endif %}
    
    28
    +      {% else %}
    
    29
    +      {% if issue.ignore and (issue.ignore.all or issue.ignore[name]) %}
    
    30
    +      <td class="ignored">ignored</td>
    
    31
    +      {% else %}
    
    32
    +      <td class="bad">vulnerable</td>
    
    33
    +      {% endif %}
    
    34
    +      {% endif %}
    
    35
    +      {% endfor %}
    
    36
    +    </tr>
    
    37
    +    {% endfor %}
    
    38
    +  </table>
    
    39
    +</div>
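
    Review bot: the corner cell on line 8 is <td/>, so the thead th rules in style.css (text-align and the sticky positioning with its white background) do not match it, and it will scroll away while the other heading cells stay pinned. Make it an empty <th></th>.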

  • scripts/templates/root.html
    ... ... @@ -2,5 +2,7 @@
    2 2
     <title>Kernel security tracker</title>
    
    3 3
     <h1>Kernel security tracker</h1>
    
    4 4
     <p>
    
    5
    -  <a href="branch/">View branches</a> | <a href="issue/">View issues</a>
    
    5
    +  <a href="branch/">View branches</a> |
    
    6
    +  <a href="issue/open/">View open issues</a> |
    
    7
    +  <a href="issue/">View all issues</a>
    
    6 8
     </p>

  • scripts/templates/style.css
    ... ... @@ -38,7 +38,33 @@ th {
    38 38
         vertical-align: top;
    
    39 39
         white-space: nowrap;
    
    40 40
     }
    
    41
    +thead th {
    
    42
    +    text-align: left;
    
    43
    +}
    
    41 44
     th, td {
    
    42 45
         padding-left: 0.5em;
    
    43 46
         padding-right: 0.5em;
    
    44 47
     }
    
    48
    +
    
    49
    +/*
    
    50
    + * Stop table headings scrolling away using position: sticky; see
    
    51
    + * <https://stackoverflow.com/questions/11891065/>.
    
    52
    + */
    
    53
    +table-container {
    
    54
    +    display: inline-block;
    
    55
    +    overflow: auto;
    
    56
    +}
    
    57
    +table.fixed-header thead th {
    
    58
    +    position: -webkit-sticky;
    
    59
    +    position: sticky;
    
    60
    +    top: 0;
    
    61
    +    background-color: #ffffff;
    
    62
    +    background-clip: padding-box;
    
    63
    +}
    
    64
    +table.fixed-header tbody th {
    
    65
    +    position: -webkit-sticky;
    
    66
    +    position: sticky;
    
    67
    +    left: 0;
    
    68
    +    background-color: #ffffff;
    
    69
    +    background-clip: padding-box;
    
    70
    +}

  • scripts/webview.py
    1 1
     #!/usr/bin/python3
    
    2 2
     
    
    3
    -# Copyright 2018 Codethink Ltd.
    
    3
    +# Copyright 2018-2019 Codethink Ltd.
    
    4 4
     #
    
    5 5
     # This script is distributed under the terms and conditions of the GNU General
    
    6 6
     # Public License, Version 3 or later. See http://www.gnu.org/copyleft/gpl.html
    
    ... ... @@ -137,6 +137,43 @@ class Issue:
    137 137
                 remotes=self._root.remotes)
    
    138 138
     
    
    139 139
     
    
    140
    +class OpenIssues:
    
    141
    +    _template = _template_env.get_template('open_issues.html')
    
    142
    +
    
    143
    +    def __init__(self, root):
    
    144
    +        self._root = root
    
    145
    +
    
    146
    +    @cherrypy.expose
    
    147
    +    def index(self):
    
    148
    +        open_cve_ids = []
    
    149
    +        branches = [
    
    150
    +            (branch_name, self._root.branch_defs[branch_name], {})
    
    151
    +            for branch_name in self._root.branch_names
    
    152
    +        ]
    
    153
    +        for cve_id in _issue_cache.keys():
    
    154
    +            issue = _issue_cache[cve_id]
    
    155
    +            ignore = issue.get('ignore', {})
    
    156
    +            if 'all' in ignore:
    
    157
    +                continue
    
    158
    +            is_open = False
    
    159
    +            for branch_name, branch, affected in branches:
    
    160
    +                if kernel_sec.issue.affects_branch(
    
    161
    +                        issue, branch, self._root.is_commit_in_branch):
    
    162
    +                    affected[cve_id] = True
    
    163
    +                    if branch_name not in ignore:
    
    164
    +                        is_open = True
    
    165
    +            if is_open:
    
    166
    +                open_cve_ids.append(cve_id)
    
    167
    +
    
    168
    +        return self._template.render(
    
    169
    +            cve_ids=[
    
    170
    +                (cve_id, _issue_cache[cve_id])
    
    171
    +                for cve_id in sorted(open_cve_ids,
    
    172
    +                                     key=kernel_sec.issue.get_id_sort_key)
    
    173
    +            ],
    
    174
    +            branches=branches)
    
    175
    +
    
    176
    +
    
    140 177
     class Issues:
    
    141 178
         _template = _template_env.get_template('issues.html')
    
    142 179
     
    
    ... ... @@ -146,6 +183,8 @@ class Issues:
    146 183
         def _cp_dispatch(self, vpath):
    
    147 184
             if len(vpath) == 1 and vpath[0] in _issue_cache:
    
    148 185
                 return Issue(vpath.pop(), self._root)
    
    186
    +        if len(vpath) == 1 and vpath[0] == 'open':
    
    187
    +            return OpenIssues(self._root)
    
    149 188
             return vpath
    
    150 189
     
    
    151 190
         @cherrypy.expose
    


  • Re: Testing CIP kernel with Debian gcc

    Ben Hutchings <ben.hutchings@...>
     

    On Thu, 2019-08-15 at 10:50 +0800, SZ Lin (林上智) wrote:
    > Hi all,
    >
    > According to the discussion in IRC weekly meeting last week, do we
    > want to add extra compiler options (e.g., security hardening) in CIP
    > development? Or use origin setting from Debian package.
    >
    > I also attached Debian gcc 6.3 and 8.3 options below

    So far as I could see, the only hardening option enabled there is PIE.
    That's good for user-space but can't be used in the kernel (currently).

    > Any feedback is appreciated.

    There is another source of default tool-chain options for *packages*,
    which is dpkg-buildflags. In buster that enables most hardening
    options by default. Most packages will set the tool-chain options
    using dpkg-buildflags (dh does so automatically), but this would need
    to be checked for each package. And this doesn't help to harden
    unpackaged software that members include in their systems.

    For the kernel, hardening options can require (arch-dependent) code to
    support them because the kernel does not use the C library or even the
    gcc runtime library. So the kernel build system generally requires
    them to be explicitly enabled in Kconfig, and will override them if
    they're enabled in default compiler options but not Kconfig.

    So I think that changing the default tool-chain options may be worth
    doing for user-space software, but the kernel will still need to be
    handled separately.

    Ben.

    --
    Ben Hutchings, Software Developer Codethink Ltd
    https://www.codethink.co.uk/ Dale House, 35 Dale Street
    Manchester, M1 2HF, United Kingdom
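
The split described in the message above, as an added example that is not part of the thread: user-space defaults come from the gcc configure line and from dpkg-buildflags, while kernel hardening is read only from the kernel's .config. All inputs are constructed samples, and the feature table and Kconfig symbol names (the Linux 4.19 spellings) are assumptions to adjust per branch.

```python
import re
import shlex

# Constructed sample inputs; none of this is captured from a real system.
GCC_V = """\
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --enable-shared --enable-default-pie --with-system-zlib
Thread model: posix
"""
BUILDFLAGS = """\
export CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security"
export CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2"
export LDFLAGS="-Wl,-z,relro"
"""
KCONFIG = """\
CONFIG_STACKPROTECTOR=y
# CONFIG_STACKPROTECTOR_STRONG is not set
CONFIG_FORTIFY_SOURCE=y
"""

# feature -> (user-space tool-chain flag, kernel Kconfig symbol or None).
# Symbol names are the Linux 4.19 spellings (assumption; older branches differ).
# PIE and RELRO have no entry on the kernel side: per the message above, PIE
# cannot be used for the kernel, and RELRO is a user-space linker option.
FEATURES = {
    "stack-protector-strong": ("-fstack-protector-strong",
                               "CONFIG_STACKPROTECTOR_STRONG"),
    "fortify-source": ("-D_FORTIFY_SOURCE=2", "CONFIG_FORTIFY_SOURCE"),
    "relro": ("-Wl,-z,relro", None),
    "pie": ("--enable-default-pie", None),
}

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def userspace_flags(gcc_v, buildflags):
    """Collect the options that apply to user-space builds by default."""
    flags = set()
    # Compiler built-in defaults: the "Configured with:" line of `gcc -v`.
    for line in gcc_v.splitlines():
        if line.startswith("Configured with:"):
            flags.update(shlex.split(line.partition(":")[2]))
    # Package defaults: `export NAME="value"` lines in dpkg-buildflags style.
    for line in buildflags.splitlines():
        words = shlex.split(line)
        if len(words) == 2 and words[0] == "export":
            flags.update(words[1].partition("=")[2].split())
    return flags


def kernel_symbols(kconfig):
    """Map each symbol in a kernel .config to True (set) or False (not set)."""
    symbols = {}
    for line in kconfig.splitlines():
        m = _SET.match(line)
        if m:
            symbols[m.group(1)] = m.group(2) != "n"
            continue
        m = _UNSET.match(line)
        if m:
            symbols[m.group(1)] = False
    return symbols


def audit(gcc_v, buildflags, kconfig):
    """Return {feature: (userspace_enabled, kernel_enabled_or_None)}.

    The kernel column never looks at compiler or package defaults: a symbol
    that is absent from .config counts as disabled.
    """
    flags = userspace_flags(gcc_v, buildflags)
    symbols = kernel_symbols(kconfig)
    result = {}
    for feature, (flag, symbol) in FEATURES.items():
        kernel = None if symbol is None else symbols.get(symbol, False)
        result[feature] = (flag in flags, kernel)
    return result


if __name__ == "__main__":
    for feature, (user, kernel) in audit(GCC_V, BUILDFLAGS, KCONFIG).items():
        k = "n/a" if kernel is None else ("on" if kernel else "OFF")
        print(f"{feature:24} user-space={'on' if user else 'OFF':3} kernel={k}")
```

With the sample data the strong stack protector is on for packages but off in the kernel, which is the gap that changing tool-chain defaults alone would not close.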


    Re: [Cip-security] Testing CIP kernel with Debian gcc

    Yasin Demirci
     

    Hello Lin-san,

    I'm not sure about the consequences of the two different approaches.
    However I thought we want to make security a mandatory feature in CIP so an optional removal would not be planned?

    Best Regards
    Yasin

    -----Original Message-----
    From: cip-security-bounces@lists.cip-project.org <cip-security-bounces@lists.cip-project.org> On Behalf Of SZ Lin (林上智)
    Sent: Thursday, 15 August 2019 04:51
    To: cip-dev@lists.cip-project.org; cip-security@lists.cip-project.org
    Cc: pavel@denx.de; Ben Hutchings <ben.hutchings@codethink.co.uk>; Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
    Subject: Re: [Cip-security] [cip-dev] Testing CIP kernel with Debian gcc

    Hi all,

    According to the discussion in IRC weekly meeting last week, do we want to add extra compiler options (e.g., security hardening) in CIP development? Or use origin setting from Debian package.

    I also attached Debian gcc 6.3 and 8.3 options below

    Any feedback is appreciated.

    SZ

    == Debian 9 gcc 6.3 options ==
    Using built-in specs.
    COLLECT_GCC=gcc
    COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper
    Target: x86_64-linux-gnu
    Configured with: ../src/configure -v --with-pkgversion='Debian 6.3.0-18+deb9u1' --with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs
    --enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++
    --prefix=/usr --program-suffix=-6 --program-prefix=x86_64-linux-gnu-
    --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-amd64/jre
    --enable-java-home
    --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-amd64
    --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-amd64
    --with-arch-directory=amd64
    --with-ecj-jar=/usr/share/java/eclipse-ecj.jar
    --with-target-system-zlib --enable-objc-gc=auto --enable-multiarch
    --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu Thread model: posix gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) ==

    == Debian 10 gcc 8.3 options ==
    Using built-in specs.
    COLLECT_GCC=gcc
    COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/8/lto-wrapper
    OFFLOAD_TARGET_NAMES=nvptx-none
    OFFLOAD_TARGET_DEFAULT=1
    Target: x86_64-linux-gnu
    Configured with: ../src/configure -v --with-pkgversion='Debian 8.3.0-19' --with-bugurl=file:///usr/share/doc/gcc-8/README.Bugs
    --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++
    --prefix=/usr --with-gcc-major-version-only --program-suffix=-8
    --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib --enable-objc-gc=auto --enable-multiarch --disable-werror
    --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu --with-build-config=bootstrap-lto --enable-link-mutex Thread model: posix gcc version 8.3.0 (Debian 8.3.0-19) ==

    Ben Hutchings <ben.hutchings@codethink.co.uk> wrote on Friday, 9 August 2019 at 9:05 PM:

    On Thu, 2019-08-08 at 12:05 +0000, Chris Paterson wrote:
    [...]
    > Do Debian make any changes/fixes in their gcc package?

    Yes, they are usually snapshots of a release branch, with some
    cherry-picked fixes e.g. for gcc-8 in buster the latest changelog entry is:

    gcc-8 (8.3.0-6) unstable; urgency=medium

    * Update to SVN 20190406 (r270182) from the gcc-8-branch.
    - Fix PR middle-end/89934, PR lto/89896.
    * Fix PR fortran/89981, taken from the trunk.

    -- Matthias Klose <doko@debian.org> Sat, 06 Apr 2019 16:44:55 +0200

    Older gcc packages also have backports of retpoline support.

    > The packages provided in the links above are presumably for compiling in the native system.
    > Does Debian provide suitable packages for cross-compiling?
    [...]

    Yes, starting with stretch there are cross-compilers for x86 and arm64
    targetting most release architectures. They are named gcc-<major>-
    <triplet>, e.g. gcc-8-arm-linux-gnueabihf (except that x86_64 is
    changed to x86-64 since underscores aren't allowed in package names).

    Ben.

    --
    Ben Hutchings, Software Developer Codethink Ltd
    https://www.codethink.co.uk/ Dale House, 35 Dale Street
    Manchester, M1 2HF, United
    Kingdom

    _______________________________________________
    cip-dev mailing list
    cip-dev@lists.cip-project.org
    https://lists.cip-project.org/mailman/listinfo/cip-dev
    _______________________________________________
    Cip-security mailing list
    Cip-security@lists.cip-project.org
    https://lists.cip-project.org/mailman/listinfo/cip-security


    Re: [PATCH linux-4.19.y-cip-rt] staging: m57621-mmc: delete driver from the tree.

    Pavel Machek
     

    Hi!

    From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

    The license text in this driver is "interesting" and not really obvious
    that it is supposed to be able to be distributed in the kernel source
    tree. Yes, the MODULE_LICENSE() text says GPL, so it's probably ok, but
    to be safe, I am deleting this driver. I will be glad to add it back if
    the license is properly sorted out, but for now, this isn't worth the
    potential risk, I should have never taken it in the first place.
    Thanks for a patch, applied to 4.19-cip. It will appear in 4.19-cip-rt
    during the next update.

    If you want to see it in -cip-rt sooner, let me know.

    Best regards,
    Pavel
    --
    (english) http://www.livejournal.com/~pavelmachek
    (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


    Re: Testing CIP kernel with Debian gcc

    SZ Lin (林上智) <sz.lin@...>
     

    Hi all,

    According to the discussion in the IRC weekly meeting last week, do we
    want to add extra compiler options (e.g., security hardening) in CIP
    development, or use the original settings from the Debian package?

    I also attached the Debian gcc 6.3 and 8.3 options below.

    Any feedback is appreciated.

    SZ

    == Debian 9 gcc 6.3 options ==
    Using built-in specs.
    COLLECT_GCC=gcc
    COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper
    Target: x86_64-linux-gnu
    Configured with: ../src/configure -v --with-pkgversion='Debian
    6.3.0-18+deb9u1' --with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs
    --enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++
    --prefix=/usr --program-suffix=-6 --program-prefix=x86_64-linux-gnu-
    --enable-shared --enable-linker-build-id --libexecdir=/usr/lib
    --without-included-gettext --enable-threads=posix --libdir=/usr/lib
    --enable-nls --with-sysroot=/ --enable-clocale=gnu
    --enable-libstdcxx-debug --enable-libstdcxx-time=yes
    --with-default-libstdcxx-abi=new --enable-gnu-unique-object
    --disable-vtable-verify --enable-libmpx --enable-plugin
    --enable-default-pie --with-system-zlib --disable-browser-plugin
    --enable-java-awt=gtk --enable-gtk-cairo
    --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-amd64/jre
    --enable-java-home
    --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-amd64
    --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-amd64
    --with-arch-directory=amd64
    --with-ecj-jar=/usr/share/java/eclipse-ecj.jar
    --with-target-system-zlib --enable-objc-gc=auto --enable-multiarch
    --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32
    --enable-multilib --with-tune=generic --enable-checking=release
    --build=x86_64-linux-gnu --host=x86_64-linux-gnu
    --target=x86_64-linux-gnu
    Thread model: posix
    gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1)
    ==

    == Debian 10 gcc 8.3 options ==
    Using built-in specs.
    COLLECT_GCC=gcc
    COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/8/lto-wrapper
    OFFLOAD_TARGET_NAMES=nvptx-none
    OFFLOAD_TARGET_DEFAULT=1
    Target: x86_64-linux-gnu
    Configured with: ../src/configure -v --with-pkgversion='Debian
    8.3.0-19' --with-bugurl=file:///usr/share/doc/gcc-8/README.Bugs
    --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++
    --prefix=/usr --with-gcc-major-version-only --program-suffix=-8
    --program-prefix=x86_64-linux-gnu- --enable-shared
    --enable-linker-build-id --libexecdir=/usr/lib
    --without-included-gettext --enable-threads=posix --libdir=/usr/lib
    --enable-nls --enable-bootstrap --enable-clocale=gnu
    --enable-libstdcxx-debug --enable-libstdcxx-time=yes
    --with-default-libstdcxx-abi=new --enable-gnu-unique-object
    --disable-vtable-verify --enable-libmpx --enable-plugin
    --enable-default-pie --with-system-zlib --with-target-system-zlib
    --enable-objc-gc=auto --enable-multiarch --disable-werror
    --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32
    --enable-multilib --with-tune=generic
    --enable-offload-targets=nvptx-none --without-cuda-driver
    --enable-checking=release --build=x86_64-linux-gnu
    --host=x86_64-linux-gnu --target=x86_64-linux-gnu
    --with-build-config=bootstrap-lto --enable-link-mutex
    Thread model: posix
    gcc version 8.3.0 (Debian 8.3.0-19)
    ==

    Ben Hutchings <ben.hutchings@codethink.co.uk> wrote on Friday, 9 August 2019 at 9:05 PM:


    On Thu, 2019-08-08 at 12:05 +0000, Chris Paterson wrote:
    [...]
    Do Debian make any changes/fixes in their gcc package?
    Yes, they are usually snapshots of a release branch, with some cherry-
    picked fixes e.g. for gcc-8 in buster the latest changelog entry is:

    gcc-8 (8.3.0-6) unstable; urgency=medium

    * Update to SVN 20190406 (r270182) from the gcc-8-branch.
    - Fix PR middle-end/89934, PR lto/89896.
    * Fix PR fortran/89981, taken from the trunk.

    -- Matthias Klose <doko@debian.org> Sat, 06 Apr 2019 16:44:55 +0200

    Older gcc packages also have backports of retpoline support.

    The packages provided in the links above are presumably for compiling in the native system.
    Does Debian provide suitable packages for cross-compiling?
    [...]

    Yes, starting with stretch there are cross-compilers for x86 and arm64
    targeting most release architectures. They are named
    gcc-<major>-<triplet>, e.g. gcc-8-arm-linux-gnueabihf (except that x86_64
    is changed to x86-64 since underscores aren't allowed in package names).

    Ben.

    --
    Ben Hutchings, Software Developer Codethink Ltd
    https://www.codethink.co.uk/ Dale House, 35 Dale Street
    Manchester, M1 2HF, United Kingdom

    _______________________________________________
    cip-dev mailing list
    cip-dev@lists.cip-project.org
    https://lists.cip-project.org/mailman/listinfo/cip-dev
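
To compare the build-time defaults of the two Debian compilers quoted in the message above, this added example (not part of the original message or of any CIP tooling) parses e-mail-wrapped `gcc -v` output and reports which configure options differ and which hardening-related defaults are set. The function names and the watch list are assumptions of the example; `--enable-default-ssp` is a GCC configure option that appears in neither output and is listed only so that it shows up as unset.

```python
import shlex

# Abridged from the two `gcc -v` outputs in the message above; the e-mail
# line wrapping is kept so that the parser has to undo it.
GCC6_V = """\
Using built-in specs.
COLLECT_GCC=gcc
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian
6.3.0-18+deb9u1' --with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs
--prefix=/usr --program-suffix=-6 --enable-shared
--enable-linker-build-id --with-sysroot=/ --disable-vtable-verify
--enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib
--with-tune=generic --enable-checking=release
--target=x86_64-linux-gnu
Thread model: posix
gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1)
"""

GCC8_V = """\
Using built-in specs.
COLLECT_GCC=gcc
OFFLOAD_TARGET_NAMES=nvptx-none
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian
8.3.0-19' --with-bugurl=file:///usr/share/doc/gcc-8/README.Bugs
--prefix=/usr --with-gcc-major-version-only --program-suffix=-8
--enable-shared --enable-linker-build-id --enable-bootstrap
--disable-vtable-verify --enable-libmpx --enable-plugin
--enable-default-pie --with-system-zlib --disable-werror
--with-tune=generic --enable-checking=release
--target=x86_64-linux-gnu
--with-build-config=bootstrap-lto --enable-link-mutex
Thread model: posix
gcc version 8.3.0 (Debian 8.3.0-19)
"""

# Options that change what the compiler does by default or which
# security-related runtime pieces are built (watch list chosen for this example).
HARDENING_OPTIONS = (
    "enable-default-pie",    # -fPIE/-pie on by default
    "enable-default-ssp",    # -fstack-protector-strong on by default
    "enable-vtable-verify",  # C++ vtable verification support
    "enable-libmpx",         # MPX pointer-bounds runtime
)


def normalize(token):
    """Map one --option[=value] token to (name, value), autoconf style:
    --disable-x is --enable-x=no and --without-x is --with-x=no."""
    name, _, value = token[2:].partition("=")
    if name.startswith("disable-"):
        return "enable-" + name[len("disable-"):], "no"
    if name.startswith("without-"):
        return "with-" + name[len("without-"):], "no"
    if not value and name.startswith(("enable-", "with-")):
        value = "yes"
    return name, value


def configure_args(gcc_v_output):
    """Return {option: value} from the 'Configured with:' part of `gcc -v`.
    Wrapped continuation lines are rejoined up to the 'Thread model:' line."""
    collected, in_block = [], False
    for line in gcc_v_output.splitlines():
        if line.startswith("Configured with:"):
            in_block = True
            line = line[len("Configured with:"):]
        elif line.startswith("Thread model:"):
            in_block = False
        if in_block:
            collected.append(line.strip())
    # shlex restores quoted values such as --with-pkgversion='Debian 8.3.0-19'
    tokens = shlex.split(" ".join(collected))
    return dict(normalize(t) for t in tokens if t.startswith("--"))


def diff_options(old, new):
    """Options whose value differs; None means the option is absent."""
    return {k: (old.get(k), new.get(k))
            for k in old.keys() | new.keys() if old.get(k) != new.get(k)}


def hardening_defaults(options):
    """Value of each watched option, or 'unset' if it was not passed."""
    return {k: options.get(k, "unset") for k in HARDENING_OPTIONS}


if __name__ == "__main__":
    old, new = configure_args(GCC6_V), configure_args(GCC8_V)
    for name, (before, after) in sorted(diff_options(old, new).items()):
        print(f"{name}: {before!r} -> {after!r}")
    print(hardening_defaults(new))
```

On the abridged samples the watched hardening options come out identical for both compilers, so the differences between the two builds lie elsewhere (versioning, bootstrap and LTO build settings).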


    CIP IRC weekly meeting today

    SZ Lin (林上智) <SZ.Lin@...>
     

    Hi all,

    Kindly be reminded to attend the weekly meeting through IRC to discuss technical topics with CIP kernel today.

    *Please note that IRC meeting was rescheduled to UTC (GMT) 09:00 starting from the first week of Apr. according to TSC meeting*
    https://www.timeanddate.com/worldclock/meetingdetails.html?year=2019&month=8&day15&hour=9&min=0&sec=0&p1=241&p2=137&p3=179&p4=136&p5=37&p6=248

    US-West US-East UK DE TW JP
    02:00 05:00 10:00 11:00 17:00 18:00

    Channel:
    * irc:chat.freenode.net:6667/cip

    Agenda:

    * Action item
    1. Provide the cases to cip-testing to build up the test environment - Iwamatsu-san
    2. Ask cip-dev which configurations need testing - patersonc
    3. Test LTS (pre)releases directly - patersonc
    4. Discuss the primary repository in CIP kernel development (kernel.org or gitlab) - kernel team
    5. Discuss and make a decision on default compiler's options - kernel team

    * Kernel maintenance updates
    * Kernel testing
    * CIP Core
    * Software update
    * AOB

    The meeting will take 30 min, although it can be extended to an hour if it makes sense and those involved in the topics can stay. Otherwise, the topic will be taken offline or in the next meeting.

    I won't be able to attend this meeting, Gavin will chair today's meeting.

    Best regards,

    SZ Lin, Moxa.


    [Git][cip-project/cip-kernel/cip-kernel-sec] Pushed new branch bwh/web-report-affected

    Agustin Benito Bethencourt
     

    Ben Hutchings pushed new branch bwh/web-report-affected at cip-project / cip-kernel / cip-kernel-sec


    [Git][cip-project/cip-kernel/cip-kernel-sec] Pushed new branch bwh/update-issues

    Agustin Benito Bethencourt
     

    Ben Hutchings pushed new branch bwh/update-issues at cip-project / cip-kernel / cip-kernel-sec


    [Git][cip-project/cip-kernel/cip-kernel-sec][master] 3 commits: Import more data

    Agustin Benito Bethencourt
     

    Ben Hutchings pushed to branch master at cip-project / cip-kernel / cip-kernel-sec

    Commits:

    • d2f70487
      by Ben Hutchings at 2019-08-06T15:53:33Z
      Import more data
      
      Signed-off-by: Ben Hutchings <ben.hutchings@...>
      
    • 8747b6a7
      by Ben Hutchings at 2019-08-06T16:12:50Z
      Fill in status for linux-4.4.y-cip-rt for two issues
      
      I missed these two when adding the -rt branches.
      
      Fixes: 71a5163608b3 ("Add linux-4.{4,19}.y-cip-rt branches to ...")
      Signed-off-by: Ben Hutchings <ben.hutchings@...>
      
    • 58c58863
      by Ben Hutchings at 2019-08-14T18:23:09Z
      Merge branch 'bwh/update-issues' into 'master'
      
      Update issues
      
      See merge request cip-project/cip-kernel/cip-kernel-sec!4

    17 changed files:

    Changes:

  • issues/CVE-2017-18379.yml
    1 1
     description: 'nvmet-fc: ensure target queue id within range'
    
    2
    +references:
    
    3
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18379
    
    4
    +- https://git.kernel.org/linus/0c319d3a144d4b8f1ea2047fd614d2149b68f889
    
    5
    +comments:
    
    6
    +  Debian-bwh: |-
    
    7
    +    Introduced in Linux 4.10 by commit c53432030d86 "nvme-fabrics: Add
    
    8
    +    target support for FC transport".
    
    2 9
     introduced-by:
    
    3 10
       mainline: [c53432030d86429dc9fe5adc3d68cb9d1343b0b2]
    
    4 11
     fixed-by:
    

  • issues/CVE-2017-ipv6-mroute-type-check.yml
    1
    +description: IPv6 mroute missing type check
    
    2
    +references:
    
    3
    +- https://lists.openwall.net/netdev/2017/12/04/40
    
    4
    +fixed-by:
    
    5
    +  linux-4.4.y: [ee2f25641633ffb03fb88e4fa8a6424d24d3f295]
    
    6
    +  linux-4.9.y: [1e531ad4316cb47c6c2b42f3257d1841a6e837e7]
    
    7
    +  mainline: [99253eb750fda6a644d5188fb26c43bad8d5a745]
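
    Review bot: `introduced-by` is missing from this new file: it has `fixed-by` entries for linux-4.4.y, linux-4.9.y and mainline, but nothing that says where the bug came from, so the set of affected branches cannot be derived from it. Please add the introducing mainline commit, or a comment stating that it has not been identified yet.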

  • issues/CVE-2018-13093.yml
    ... ... @@ -5,6 +5,8 @@ references:
    5 5
     - https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=afca6c5b2595fc44383919fba740c194b0b76aff
    
    6 6
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13093
    
    7 7
     - https://github.com/torvalds/linux/commit/afca6c5b2595fc44383919fba740c194b0b76aff
    
    8
    +reporters:
    
    9
    +- Wen Xu
    
    8 10
     introduced-by:
    
    9 11
       mainline: [1da177e4c3f41524e886b7f1b8a0c1fc7321cac2]
    
    10 12
     fixed-by:
    

  • issues/CVE-2018-20854.yml
    ... ... @@ -6,6 +6,11 @@ references:
    6 6
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20854
    
    7 7
     - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
    
    8 8
     - https://github.com/torvalds/linux/commit/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
    
    9
    +comments:
    
    10
    +  Debian-carnil: |-
    
    11
    +    Driver intorduced in same upstream version as per 51f6b410fc22
    
    12
    +    ("phy: add driver for Microsemi Ocelot SerDes muxing") so it is
    
    13
    +    disputable why this has a CVE.
    
    9 14
     introduced-by:
    
    10 15
       mainline: [51f6b410fc220d8a5a4fae00ebfd8243b6c11d4e]
    
    11 16
     fixed-by:
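
    Review bot: Typo in added line 11, "intorduced" should be "introduced"; since the text sits under the `Debian-carnil` key it is better corrected at its source than only in this copy. The comment also disputes the CVE because the driver arrived in the same upstream version, yet the hunk records nothing under `ignore`; if that reasoning is accepted, an `ignore` entry with the same explanation would make the file say so explicitly.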
    

  • issues/CVE-2018-20855.yml
    ... ... @@ -4,6 +4,12 @@ references:
    4 4
     - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7
    
    5 5
     - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00
    
    6 6
     - https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00
    
    7
    +comments:
    
    8
    +  Debian-bwh: |-
    
    9
    +    Introduced in Linux 4.17 by commit 41d902cb7c32 "RDMA/mlx5: Fix
    
    10
    +    definition of mlx5_ib_create_qp_resp".
    
    11
    +introduced-by:
    
    12
    +  mainline: [41d902cb7c326d711674977763c4b30df87611bc]
    
    7 13
     fixed-by:
    
    8 14
       mainline: [0625b4ba1a5d4703c7fb01c497bd6c156908af00]
    
    9 15
     ignore:
    

  • issues/CVE-2018-20856.yml
    ... ... @@ -4,6 +4,10 @@ references:
    4 4
     - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7
    
    5 5
     - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54648cf1ec2d7f4b6a71767799c45676a138ca24
    
    6 6
     - https://github.com/torvalds/linux/commit/54648cf1ec2d7f4b6a71767799c45676a138ca24
    
    7
    +comments:
    
    8
    +  Debian-bwh: |-
    
    9
    +    Introduced in Linux 3.18 by commit 7c94e1c157a2 "block: introduce
    
    10
    +    blk_flush_queue to drive flush machinery".
    
    7 11
     introduced-by:
    
    8 12
       mainline: [7c94e1c157a227837b04f02f5edeff8301410ba2]
    
    9 13
     fixed-by:
    

  • issues/CVE-2019-10207.yml
    ... ... @@ -2,3 +2,19 @@ description: 'bluetooth: hci_uart: 0x0 address execution as nonprivileged user'
    2 2
     references:
    
    3 3
     - https://www.openwall.com/lists/oss-security/2019/07/25/1
    
    4 4
     - https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov@.../T/#u
    
    5
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10207
    
    6
    +- https://lore.kernel.org/linux-bluetooth/20190729122215.9948-1-vdronov@.../
    
    7
    +comments:
    
    8
    +  Debian-bwh: |-
    
    9
    +    For hci_ath, this was introduced in Linux 2.6.36 by commit
    
    10
    +    b3190df62861 "Bluetooth: Support for Atheros AR300x serial chip".
    
    11
    +    For hci_uart, this was introduced in Linux 4.2 by commit
    
    12
    +    2a973dfada2b "Bluetooth: hci_uart: Add new line discipline
    
    13
    +    enhancements".
    
    14
    +fixed-by:
    
    15
    +  linux-4.14.y: [69f9c2bc3f754ad1d610b30b940681d678c8e684]
    
    16
    +  linux-4.19.y: [56966212e23f82ced10831f7cca02f7339147428]
    
    17
    +  linux-4.4.y: [37fb924139954a28a1f04959070c3cc762b0de4c]
    
    18
    +  linux-4.9.y: [58a01b0bd8ea5fddb51d4d854bb149a1a7312c12]
    
    19
    +  linux-5.2.y: [785b5dc6c06083a874d7bda593de06a01ac7fe6a]
    
    20
    +  mainline: [b36a1552d7319bbfd5cf7f08726c23c5c66d4f73]
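
    Review bot: The added `Debian-bwh` comment names two introducing commits (b3190df62861 for hci_ath, 2a973dfada2b for hci_uart), but the hunk adds only `fixed-by` and no `introduced-by` field, so that information stays in free text. Consider adding `introduced-by:` with a `mainline:` list holding the full IDs of both commits, so that the affected branches can be worked out from the file itself.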

  • issues/CVE-2019-11091.yml
    ... ... @@ -133,6 +133,18 @@ fixed-by:
    133 133
         f223c10cf17689353a41e052bfc16c9ac4758132, adef560d1ef8ab84aceee8b6ebae6f515c2b7a66,
    
    134 134
         179adc415f947eb64eb12a15c90d0d8da09418b9, 8be7f1183d2f113d82c0c68a5e23a44d7fb8a8b6,
    
    135 135
         683f9fba8c27817b6c2f7320a4095ca353022651]
    
    136
    +  linux-4.4.y-cip-rt: [a50e2ca5757f54fc5b0eabbb77a509209cbcc40d, 31a2c5f7a25b1cf4739ccd0244b0b270c42dab89,
    
    137
    +    71041afe26a30d8a5bfb75ff5699c9cfdee5250a, 693eb3bdaf19dd58aea99a5ed088dd6319ecc098,
    
    138
    +    0f961ec593057bad865d3a9f6834c0ca1582d486, 3092ad5c4f2ed6925847273a65c5598a73ee88d8,
    
    139
    +    2b26dff34698b8f4b57c5492c17a3fcf71e32de6, 0144cbc1247411f6fa07447ce9a4ae204903031a,
    
    140
    +    e2896d6b1e485605b5c436f11abc2016a60c083a, 06deb655ae265b397cd013db5cb77aa442a68617,
    
    141
    +    48204fd98023ff7d05166c7ddb9d8afd2c5006e9, e0e64cdc7fd9eb3dbcf670e8c3dd9dfd0501d104,
    
    142
    +    9fe26a407f0eca058829dec41a4de71c70bfc3ec, 3fb41b4e2d389f2b187e2e12a7c8611d6c4b0e30,
    
    143
    +    8c7398befdf1ecb163b5d0f6f5ba27b45c63211e, d4c1e6cbbcdca0f4688a58092ecbb81a58fe4421,
    
    144
    +    a41a2dee403d99e6c13d35b935a310b0609b8e6a, 7a6c2a6c4235e68472d1924b2d3f6f808ee5d39a,
    
    145
    +    f223c10cf17689353a41e052bfc16c9ac4758132, adef560d1ef8ab84aceee8b6ebae6f515c2b7a66,
    
    146
    +    179adc415f947eb64eb12a15c90d0d8da09418b9, 8be7f1183d2f113d82c0c68a5e23a44d7fb8a8b6,
    
    147
    +    683f9fba8c27817b6c2f7320a4095ca353022651]
    
    136 148
       linux-4.9.y: [ffe8cffc8be1ae47c08cbc3571bed6b5b0fa53ad, 192d1975450e51c1abb725343a7e19a4d61e30bd,
    
    137 149
         626743f43da44598076019a82193caf49dca1fde, 2a099011de8abebac475a90dad1835c60dfca88c,
    
    138 150
         da360f1f5eb43e0d71009bab3be53c7a06d40caf, 96c06cda5b4bdc6a3a9a8f8adc46c86077a70ee0,
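
    Review bot: The new `linux-4.4.y-cip-rt` list ends with the same five commit IDs (f223c10cf176 through 683f9fba8c27) as the entry just above it in the context lines, which suggests the list was copied from another branch's entry. It is worth confirming that every listed ID is actually reachable from linux-4.4.y-cip-rt, and saying in the commit message how that was checked.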
    

  • issues/CVE-2019-11487.yml
    ... ... @@ -14,6 +14,7 @@ references:
    14 14
     - https://github.com/torvalds/linux/commit/8fde12ca79aff9b5ba951fce1a2641901b8d8e64
    
    15 15
     - https://github.com/torvalds/linux/commit/f958d7b528b1b40c44cfda5eabe2d82760d868c3
    
    16 16
     - https://usn.ubuntu.com/usn/usn-4069-1
    
    17
    +- https://usn.ubuntu.com/usn/usn-4069-2
    
    17 18
     comments:
    
    18 19
       Debian-bwh: |-
    
    19 20
         I'm having trouble backporting to this to 3.16 because we don't
    
    ... ... @@ -45,3 +46,4 @@ ignore:
    45 46
       linux-3.16.y: Minor issue, difficult to backport fix
    
    46 47
       linux-4.4.y: Minor issue, difficult to backport fix
    
    47 48
       linux-4.4.y-cip: Minor issue, difficult to backport fix
    
    49
    +  linux-4.4.y-cip-rt: Minor issue, difficult to backport fix

  • issues/CVE-2019-11599.yml
    ... ... @@ -8,6 +8,7 @@ references:
    8 8
     - http://www.openwall.com/lists/oss-security/2019/04/29/2
    
    9 9
     - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
    
    10 10
     - https://usn.ubuntu.com/usn/usn-4069-1
    
    11
    +- https://usn.ubuntu.com/usn/usn-4069-2
    
    11 12
     comments:
    
    12 13
       Debian-bwh: |-
    
    13 14
         The backports to 4.4 and 4.9 are still under discussion.
    

  • issues/CVE-2019-11833.yml
    ... ... @@ -7,6 +7,7 @@ references:
    7 7
     - https://usn.ubuntu.com/usn/usn-4068-2
    
    8 8
     - https://usn.ubuntu.com/usn/usn-4069-1
    
    9 9
     - https://usn.ubuntu.com/usn/usn-4076-1
    
    10
    +- https://usn.ubuntu.com/usn/usn-4069-2
    
    10 11
     introduced-by:
    
    11 12
       mainline: [a86c61812637c7dd0c57e29880cffd477b62f2e7]
    
    12 13
     fixed-by:
    

  • issues/CVE-2019-11884.yml
    ... ... @@ -8,6 +8,7 @@ references:
    8 8
     - https://usn.ubuntu.com/usn/usn-4068-2
    
    9 9
     - https://usn.ubuntu.com/usn/usn-4069-1
    
    10 10
     - https://usn.ubuntu.com/usn/usn-4076-1
    
    11
    +- https://usn.ubuntu.com/usn/usn-4069-2
    
    11 12
     comments:
    
    12 13
       Debian-carnil: similar issue to CVE-2011-1079.
    
    13 14
     fixed-by:
    

  • issues/CVE-2019-13631.yml
    ... ... @@ -5,7 +5,10 @@ references:
    5 5
     introduced-by:
    
    6 6
       mainline: [a19ceb56cbd1e1beff3e9cf6042e1f31f6487aa6]
    
    7 7
     fixed-by:
    
    8
    +  linux-4.14.y: [81bf168d855cc1d97a7c9cde6787ff42485556c8]
    
    8 9
       linux-4.19.y: [d657077eda7b5572d86f2f618391bb016b5d9a64]
    
    10
    +  linux-4.4.y: [3ca20e950203a6c7759186ec4e89cbd33ee2bf81]
    
    11
    +  linux-4.9.y: [2628fa1a6d824ee1f3fe67a272a3d00ba33d23fa]
    
    9 12
       linux-5.2.y: [63fabf4287b23da069986b7a7fdc6ad0b202f00a]
    
    10 13
       mainline: [2a017fd82c5402b3c8df5e3d6e5165d9e6147dc1]
    
    11 14
     ignore:
    

  • issues/CVE-2019-13648.yml
    ... ... @@ -2,6 +2,7 @@ description: 'powerpc/tm: Fix oops on sigreturn on systems without TM'
    2 2
     references:
    
    3 3
     - https://patchwork.ozlabs.org/patch/1133904/
    
    4 4
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13648
    
    5
    +- https://www.openwall.com/lists/oss-security/2019/07/30/1
    
    5 6
     comments:
    
    6 7
       Debian-bwh: |-
    
    7 8
         We have disabled CONFIG_PPC_TRANSACTIONAL_MEM in 4.9.184-1 for
    
    ... ... @@ -11,6 +12,11 @@ reporters:
    11 12
     introduced-by:
    
    12 13
       mainline: [2b0a576d15e0e14751f00f9c87e46bad27f217e7]
    
    13 14
     fixed-by:
    
    15
    +  linux-4.14.y: [26bee6ef0d72193d58a085610fe49169d23baa83]
    
    16
    +  linux-4.19.y: [b993a66d8ddc1c26da0d9aa3471789cc170b28ee]
    
    17
    +  linux-4.4.y: [e67fd28f9ed887d0c8124bda96b66dab87823eac]
    
    18
    +  linux-4.9.y: [08ee34d86c9c6a9b93c0986d7fc6e272690e8d24]
    
    19
    +  linux-5.2.y: [8716e8d122e12799eff9e92c05fdabba31d47b2f]
    
    14 20
       mainline: [f16d80b75a096c52354c6e0a574993f3b0dfbdfe]
    
    15 21
     ignore:
    
    16 22
       linux-4.19.y-cip: No members are using powerpc
    

  • issues/CVE-2019-14283.yml
    1 1
     description: 'floppy: fix out-of-bounds read in copy_buffer'
    
    2
    +references:
    
    3
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14283
    
    4
    +- https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
    
    5
    +introduced-by:
    
    6
    +  mainline: [1da177e4c3f41524e886b7f1b8a0c1fc7321cac2]
    
    2 7
     fixed-by:
    
    8
    +  linux-4.14.y: [80637a906eded08e04ed8a6fbbdd2b8112eaa387]
    
    3 9
       linux-4.19.y: [ff54c44f103825a426e46d08b5d3d76e44791a87]
    
    10
    +  linux-4.4.y: [d105eaf5fb67a193df8fe72e64690c43e343a560]
    
    11
    +  linux-4.9.y: [1fdefbb5bc70ff20ea49083c6984aae86e3ecf93]
    
    4 12
       linux-5.2.y: [d39c2e97277229970fe2ae56dcbf67a535e14873]
    
    5 13
       mainline: [da99466ac243f15fbba65bd261bfc75ffa1532b6]
    
    6 14
     ignore:
    

  • issues/CVE-2019-14284.yml
    1 1
     description: 'floppy: fix div-by-zero in setup_format_params'
    
    2
    +references:
    
    3
    +- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14284
    
    4
    +- https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32
    
    5
    +introduced-by:
    
    6
    +  mainline: [1da177e4c3f41524e886b7f1b8a0c1fc7321cac2]
    
    2 7
     fixed-by:
    
    8
    +  linux-4.14.y: [a904a690ea0317fcd88c5b9dfef40ef0f98d9530]
    
    3 9
       linux-4.19.y: [6e34fd07484a0622a17b40e0ca89ed451260ef45]
    
    10
    +  linux-4.4.y: [26d6284d5d392bd96c414f745bcbf3620e93c8fd]
    
    11
    +  linux-4.9.y: [604206cde7a6c1907f6f03d90c37505a45ef1b62]
    
    4 12
       linux-5.2.y: [697c0af7468a941522c1e26345aa5128fa2a4815]
    
    5 13
       mainline: [f3554aeb991214cbfafd17d55e2bfddb50282e32]
    
    6 14
     ignore:
    

  • issues/CVE-2019-3900.yml
    ... ... @@ -12,5 +12,7 @@ introduced-by:
    12 12
     fixed-by:
    
    13 13
       linux-4.14.y: [ae446749492d8bd23f1d0b81adba16e5739dc740, 46c7fce709dccb4b0e4a5a06bfacdf2bb1a4fc43,
    
    14 14
         011942d12cc28c58fdeb2ca77e745c4c370fc250]
    
    15
    +  linux-4.19.y: [3af3b843aee41ed22343b011a4cf3812a80d2f38, 239910101c4ebf91a00e6f4a81ac3144b121f0c4,
    
    16
    +    02cdc166128cf9cb2be4786b997eebbc0b976bfa]
    
    15 17
       mainline: [e2412c07f8f3040593dfb88207865a3cd58680c0, e79b431fb901ba1106670bcc80b9b617b25def7d,
    
    16 18
         c1ea02f15ab5efb3e93fc3144d895410bf79fcf2]


    [Git][cip-project/cip-kernel/cip-kernel-sec] Deleted branch bwh/update-issues

    Agustin Benito Bethencourt
     

    Ben Hutchings deleted branch bwh/update-issues at cip-project / cip-kernel / cip-kernel-sec


    [Git][cip-project/cip-kernel/cip-kernel-sec] Deleted branch bwh/issue-triage-doc

    Agustin Benito Bethencourt
     

    Ben Hutchings deleted branch bwh/issue-triage-doc at cip-project / cip-kernel / cip-kernel-sec


    [Git][cip-project/cip-kernel/cip-kernel-sec][master] 2 commits: Start a "Triaging kernel security issues" document

    Agustin Benito Bethencourt
     

    Ben Hutchings pushed to branch master at cip-project / cip-kernel / cip-kernel-sec

    Commits:

    • 836580d0
      by Ben Hutchings at 2019-08-06T14:36:19Z
      Start a "Triaging kernel security issues" document
      
      This is intended to cover some of the manual triage that I'm currently
      doing after importing issue data.
      
      Signed-off-by: Ben Hutchings <ben.hutchings@...>
      
    • 9ff7bd4e
      by Ben Hutchings at 2019-08-14T18:22:57Z
      Merge branch 'bwh/issue-triage-doc' into 'master'
      
      Start a "Triaging kernel security issues" document
      
      See merge request cip-project/cip-kernel/cip-kernel-sec!3

    1 changed file:

    Changes:

  • issue-triage.md
    1
    +# Triaging kernel security issues
    
    
    2
    +
    
    
    3
    +The import scripts can automatically fill in much of the important
    
    
    4
    +information about security issues, but sometimes you will need to
    
    
    5
    +manually fill in details.  This document describes how to do that,
    
    
    6
    +specifically to record that issues don't affect some or all branches.
    
    
    7
    +
    
    
    8
    +## Check that the issue is valid
    
    
    9
    +
    
    
    10
    +Anyone can apply to MITRE to assign a CVE ID, and MITRE does not
    
    
    11
    +verify that the security issues are real.  In some cases,
    
    
    12
    +inexperienced security researchers request CVE IDs for bugs that look
    
    
    13
    +like security issues, but are not.
    
    
    14
    +
    
    
    15
    +For example, a potential null pointer dereference that can be
    
    
    16
    +triggered by an unprivileged user would be a denial-of-service
    
    
    17
    +vulnerability.  However, if it can only be triggered by a user with
    
    
    18
    +the global CAP\_SYS\_ADMIN capability then it is not a security issue
    
    
    19
    +because a user with that capability can already shut down the system.
    
    
    20
    +
    
    
    21
    +If the issue is not valid, mark it to be ignored for all branches
    
    
    22
    +and add a comment explaining why:
    
    
    23
    +
    
    
    24
    +    comments:
    
    
    25
    +      your-short-name: |-
    
    
    26
    +        This is invalid because …
    
    
    27
    +
    
    
    28
    +    ignore:
    
    
    29
    +      all: Invalid
    
    
    30
    +
    
    
    31
    +## Identify how the issue was introduced
    
    
    32
    +
    
    
    33
    +If the import scripts did not fill in the "introduced-by" field
    
    
    34
    +for an issue, you should try to fill it in yourself, so that it's
    
    
    35
    +known which branches are affected.
    
    
    36
    +
    
    
    37
    +If a fix is available, its commit message should include a "Fixes"
    
    
    38
    +trailer that specifies the commit that introduced the issue.  This is
    
    
    39
    +*usually*, but not always, accurate.  You should review the specified
    
    
    40
    +commit and decide for yourself whether it really introduced the issue
    
    
    41
    +or whether the issue already existed in the previous version of the
    
    
    42
    +file(s).  Also check that it is an upstream commit (output of `git
    
    
    43
    +rev-list torvalds/master..`*commit-id* should be empty).  In case it
    
    
    44
    +is a commit on a stable branch, use the corresponding upstream commit
    
    
    45
    +ID instead.
    
    
    46
    +
    
    
    47
    +**TODO:** What if multiple commits are identified?
    
    
    48
    +
    
    
    49
    +If a fix is available, but it doesn't include a "Fixes" trailer or you
    
    
    50
    +decided that the specified commit was wrongly identified, you will
    
    
    51
    +need to review the git history.  First make sure that you understand
    
    
    52
    +where the bug was located, i.e. which function(s) and file(s) were
    
    
    53
    +incorrect.  Then use `git log -p`, possibly with the `-L` option, to
    
    
    54
    +view changes in those locations.  When you find a commit that appears
    
    
    55
    +to introduce the bug, make sure to review the complete diff to check
    
    
    56
    +whether the bug was really new, or if it already existed in some other
    
    
    57
    +source location.  If it already existed, you need to look further back
    
    
    58
    +in the history of that other source location.
    
    
    59
    +
    
    
    60
    +In some cases, the code that needs to be fixed was correct when
    
    
    61
    +originally introduced but became incorrect later because of an API
    
    
    62
    +change.  For example, it might have originally handled the two
    
    
    63
    +possible values of a parameter, but later on a third possible value
    
    
    64
    +was added.  In that case the "introduced-by" commit should be the one
    
    
    65
    +that made the API change.
    
    
    66
    +
    
    
    67
    +If the issue existed since the beginning of git history for the kernel
    
    
    68
    +(Linux 2.6.12-rc2), you should use that commit as the "introduced-by"
    
    
    69
    +commit.  Do *not* use commit IDs for older versions that are in
    
    
    70
    +converted repositories, as this may cause problems for other users
    
    
    71
    +that have not added those as remotes.
    
    
    72
    +
    
    
    73
    +Sometimes the commit that introduced the issue will have been
    
    
    74
    +backported to stable branches.  Use `scripts/import_stable.py` to
    
    
    75
    +fill in information about those backports.
    
    
    76
    +
    
    
    77
    +## Check the kernel configurations
    
    
    78
    +
    
    
    79
    +For CIP kernel branches, you can check in the
    
    
    80
    +[cip-kernel-config](https://gitlab.com/cip-project/cip-kernel/cip-kernel-config)
    
    
    81
    +repository whether the affected feature or source files are actually
    
    
    82
    +used by members.  If they are not used on a given branch, you can mark
    
    
    83
    +the issue to be ignored for that branch.
    
    
    84
    +
    
    
    85
    +Remember that the source files might have been renamed since a branch
    
    
    86
    +was created.  For example, if there is an issue in `tx.c` in the iwlwifi
    
    
    87
    +driver, you can check whether that was renamed between linux-4.4.y-cip
    
    
    88
    +and upstream by running:
    
    
    89
    +
    
    
    90
    +    git log --summary --full-diff --reverse cip/linux-4.4.y-cip..torvalds/master \
    
    
    91
    +        -- drivers/net/wireless/intel/iwlwifi/pcie/tx.c
    
    
    92
    +
    
    
    93
    +You can then see at the top of the log that the first commit to this
    
    
    94
    +filename renamed multiple source files, and what the old name for this
    
    
    95
    +file was:
    
    
    96
    +
    
    
    97
    +     rename drivers/net/wireless/{ => intel}/iwlwifi/pcie/tx.c (100%)
    
    
    98
    +
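
    Review bot: The `**TODO:** What if multiple commits are identified?` at line 47 leaves the multi-commit case undocumented, although the `introduced-by` and `fixed-by` fields in the issue files already take lists; the document should say whether all introducing commits go into that list. The two git commands (lines 42-43 and 90-91) also assume remotes named `torvalds` and `cip`, which is stated nowhere; a short note on the expected remote names would make the `git rev-list torvalds/master..`*commit-id* check reproducible.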


    Re: Yocto repos for NXP referent platform MCIMXABASEV1 also known as SABRE platform?

    Zoran
     

    https://github.com/ZoranStojsavljevic/imx6-sabre-automotive-bsp

    Zoran
    _______

    On Sun, Aug 11, 2019 at 8:04 PM Zoran S
    <zoran.stojsavljevic.de@gmail.com> wrote:

    Found it...

    http://variwiki.com/index.php?title=Yocto_Build_Release&release=RELEASE_MORTY_V1

    Actually, it is thud, after all. But within few days I'll release
    public github repo with complete Sabre Automotive BSP setup.

    Parsing recipes: 100%
    |###################################################################################################################|
    Time: 0:03:18
    Parsing of 2571 .bb files complete (0 cached, 2571 parsed). 3567
    targets, 464 skipped, 0 masked, 0 errors.
    NOTE: Resolving any missing task queue dependencies

    Build Configuration:
    BB_VERSION = "1.40.0"
    BUILD_SYS = "x86_64-linux"
    NATIVELSBSTRING = "fedora-30"
    TARGET_SYS = "arm-fslc-linux-gnueabi"
    MACHINE = "imx6qdlsabreauto"
    DISTRO = "fslc-framebuffer"
    DISTRO_VERSION = "2.6"
    TUNE_FEATURES = "arm armv7a vfp thumb neon callconvention-hard"
    TARGET_FPU = "hard"
    meta
    meta-poky = "HEAD:50f33d3bfebcbfb1538d932fb487cfd789872026"
    meta-oe
    meta-multimedia = "HEAD:4cd3a39f22a2712bfa8fc657d09fe2c7765a4005"
    meta-freescale = "HEAD:46fcbab00f7e01ded4609c09be89161783426f41"
    meta-freescale-3rdparty = "HEAD:c4b5ac6b20e4245ce0630e9197313aaef999a331"
    meta-freescale-distro = "HEAD:4a244af3993ae662624c6f615464e6806cc719a2"
    meta-browser = "HEAD:75640e14e325479c076b6272b646be7a239c18aa"
    meta-gnome
    meta-networking
    meta-python = "HEAD:4cd3a39f22a2712bfa8fc657d09fe2c7765a4005"
    meta-qt5 = "HEAD:0630018c0033c91fddda62a49f59a82ba6ec6850"
    meta-swupdate = "HEAD:66af6e7e019b07b48facfd68be3c4ab2094502a4"
    meta-variscite-fslc = "HEAD:ff12ab716e1c3f47e723a377f00aa01fa3e5b955"

    Best Regards.
    Zoran
    _______

    On Fri, Aug 9, 2019 at 9:17 AM Zoran S <zoran.stojsavljevic.de@gmail.com> wrote:

    Hello to all,

    I am trying to find a recent Yocto repo that contains the Yocto
    reference repo for the following NXP board:
    MCIMXABASEV1, also called the SABRE platform.

    Here is one repo I found reading this document... But this is too outdated!

    http://events17.linuxfoundation.org/sites/events/files/slides/AGLAMM_How%20we%20Run%20AGL%20on%20i.MX%20processors_tkobayashi_25FEB16%20rev.D.pdf

    Does anybody have some other repos/suggestions in mind for such a
    board? Please, come forward if yes...

    Thank you,
    Zoran
    _______


    Re: Yocto repos for NXP referent platform MCIMXABASEV1 also known as SABRE platform?

    Zoran
     

    Found it...

    http://variwiki.com/index.php?title=Yocto_Build_Release&release=RELEASE_MORTY_V1

    Actually, it is thud, after all. But within a few days I'll release
    a public GitHub repo with the complete Sabre Automotive BSP setup.

    Parsing recipes: 100%
    |###################################################################################################################|
    Time: 0:03:18
    Parsing of 2571 .bb files complete (0 cached, 2571 parsed). 3567
    targets, 464 skipped, 0 masked, 0 errors.
    NOTE: Resolving any missing task queue dependencies

    Build Configuration:
    BB_VERSION = "1.40.0"
    BUILD_SYS = "x86_64-linux"
    NATIVELSBSTRING = "fedora-30"
    TARGET_SYS = "arm-fslc-linux-gnueabi"
    MACHINE = "imx6qdlsabreauto"
    DISTRO = "fslc-framebuffer"
    DISTRO_VERSION = "2.6"
    TUNE_FEATURES = "arm armv7a vfp thumb neon callconvention-hard"
    TARGET_FPU = "hard"
    meta
    meta-poky = "HEAD:50f33d3bfebcbfb1538d932fb487cfd789872026"
    meta-oe
    meta-multimedia = "HEAD:4cd3a39f22a2712bfa8fc657d09fe2c7765a4005"
    meta-freescale = "HEAD:46fcbab00f7e01ded4609c09be89161783426f41"
    meta-freescale-3rdparty = "HEAD:c4b5ac6b20e4245ce0630e9197313aaef999a331"
    meta-freescale-distro = "HEAD:4a244af3993ae662624c6f615464e6806cc719a2"
    meta-browser = "HEAD:75640e14e325479c076b6272b646be7a239c18aa"
    meta-gnome
    meta-networking
    meta-python = "HEAD:4cd3a39f22a2712bfa8fc657d09fe2c7765a4005"
    meta-qt5 = "HEAD:0630018c0033c91fddda62a49f59a82ba6ec6850"
    meta-swupdate = "HEAD:66af6e7e019b07b48facfd68be3c4ab2094502a4"
    meta-variscite-fslc = "HEAD:ff12ab716e1c3f47e723a377f00aa01fa3e5b955"

    Best Regards.
    Zoran
    _______

    On Fri, Aug 9, 2019 at 9:17 AM Zoran S <zoran.stojsavljevic.de@gmail.com> wrote:

    Hello to all,

    I am trying to find a recent Yocto repo that contains the Yocto
    reference repo for the following NXP board:
    MCIMXABASEV1, also called the SABRE platform.

    Here is one repo I found reading this document... But this is too outdated!

    http://events17.linuxfoundation.org/sites/events/files/slides/AGLAMM_How%20we%20Run%20AGL%20on%20i.MX%20processors_tkobayashi_25FEB16%20rev.D.pdf

    Does anybody have some other repos/suggestions in mind for such a
    board? Please, come forward if yes...

    Thank you,
    Zoran
    _______


    [ANNOUNCE] Release v4.19.65-cip8 and v4.4.188-cip36

    Nobuhiro Iwamatsu
     

    Hi all,

    The CIP kernel team has released Linux kernel v4.19.65-cip8 and v4.4.188-cip36.

    The linux-4.19.y-cip tree has been updated from base version 4.19.60 to 4.19.65.
    The linux-4.4.y-cip tree has been updated from base version 4.4.185 to 4.4.188,
    and patches that add support for I2C, QSPI and RTC for iwg23s-sbc have been applied.

    You can get this release via the git tree at:

    v4.19.65-cip8:

    repository: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
    branch: linux-4.19.y-cip
    commit: e68719ce48d5c4b1b761d1d67d5c33fef1153c88

    v4.4.188-cip36:

    repository: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
    branch: linux-4.4.y-cip
    commit: 1425fbca32aa82d4a81303cd7c8e0f1aac0ed746

    Best regards,
    Nobuhiro
