Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master 2025-11-19T17:41:31+00:00 2025-11-19T17:41:31+00:00 Leon Anavi leon.anavi@konsulko.com 2025-11-19T15:26:07+00:00 urn:sha1:e1903a0fe7c7aa4a38d054c4a9cf74802f8f462f Upgrade to release 3.4.0: - bd_nvme_connect() now defaults to port 4420 or 8009 for discovery NQN respectively when - configure.ac: fix bashism - smart: Use drive self-assessment as an overall status - nvme: Default to well-known tr_svcid values when not specified - nvme: Handle memory allocation failures from _nvme_alloc() - crypto: Add a function to set persistent flags for LUKS - tests: Various minor mptovements Drop CVE-2025-6019.patch because the change has been merged in the upstream and it is included in version 3.4.0. This work was sponsored by GOVCERT.LU. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-10-11T02:24:38+00:00 Corentin Guillevic corentin.guillevic@smile.fr 2025-10-10T15:29:35+00:00 urn:sha1:3fd372d79b400569ed09c68735c25c87bd476135 The --with-smart option behind the feature "smart" relies on the drivedb.h header, provided by smartmontools package (/usr/share/smartmontools/drivedb.h). However the dependencies (DEPENDS) miss this package. Furthermore, if the --with-drivedb option is not used, the configuration step will search for the file first on the host's rootfs. This may result in the wrong header being picked, or the --with-smart option being silently disabled due to incomplete dependencies (causing missing header). The header is now guaranteed to be present due to an added dependency in the "smart" feature, and its location is specified by the --with-drivedb option. Signed-off-by: Corentin Guillevic <corentin.guillevic@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-07-03T06:27:07+00:00 Changqing Li changqing.li@windriver.com 2025-07-03T06:07:01+00:00 urn:sha1:1978c871f19e477d03c3ecd7cc1246de55f6f205 CVE-2025-6019: A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system. Refer: https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-06-25T13:44:52+00:00 Alexander Kanavin alex@linutronix.de 2025-06-20T14:06:53+00:00 urn:sha1:fc78d37ff0ce9e0d60455465851dbe4e86d7a8b3 Please see https://git.yoctoproject.org/poky/commit/?id=4dd321f8b83afecd962393101b2a6861275b5265 for what changes are needed, and sed commands that can be used to make them en masse. I've verified that bitbake -c patch world works with these, but did not run a world build; the majority of recipes shouldn't need further fixups, but if there are some that still fall out, they can be fixed in followups. Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2025-03-20T15:46:56+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2025-03-19T20:07:48+00:00 urn:sha1:eac1f5b9c0b1b81aa24827be94e4a1a91cd49eee Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2024-11-20T00:59:11+00:00 Wang Mingyu wangmy@fujitsu.com 2024-11-18T09:29:28+00:00 urn:sha1:5090a935650d0512f2e6daccaa049ea2c4ff5497 Changelog: =========== - crypto: check that IOC_OPAL_GET_STATUS is defined - smart: Clarify use of ID_ATA_SMART_ACCESS udev property - smart: Clarify ID_ATA_SMART_ACCESS udev property values - nvme: Avoid element-type g-i annotations - README: Update supported technologies - dist: Fix source URL in spec - packit: Fix generating spec from template - dist: Sync spec with downstream - misc: Fix installing test dependencies on Debian/Ubuntu - ci: Do not try to install test dependencies for CodeQL analysis - lvm: Clarify the global config functionallity in libblockdev - ci: Install 'python3-libdnf5' for TMT test plans - Makefile: Fix generating RPM log during bumpver Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2024-10-06T14:52:42+00:00 Yi Zhao yi.zhao@windriver.com 2024-10-06T10:43:38+00:00 urn:sha1:276ac2c78e37753db2fef34a471f691a28cd5f7a ChangeLog: https://github.com/storaged-project/libblockdev/releases/tag/3.2.0 * Drop 0001-libext2fs-unused-parameters-fix.patch as the issue has been fixed upstream. * Add PACKAGECONFIG[smart] and PACKAGECONFIG[smartmontools]. * Add libyaml dependency for PACKAGECONFIG[lvm] and PACKAGECONFIG[lvm-dbus]. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2024-08-24T22:46:31+00:00 Khem Raj raj.khem@gmail.com 2024-08-24T22:43:47+00:00 urn:sha1:fa2398e99968bc56b82e15e5f04dc6425174c8de Signed-off-by: Khem Raj <raj.khem@gmail.com> 2024-06-13T15:51:47+00:00 Weisser, Pascal pascal.weisser.ext@karlstorz.com 2024-06-13T12:13:00+00:00 urn:sha1:b528b5a13b8a41f9c867ea67e6628923d9bf2073 Related: https://github.com/openembedded/meta-openembedded/issues/832 Signed-off-by: Weisser, Pascal <pascal.weisser.ext@karlstorz.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2024-06-13T15:51:47+00:00 Weisser, Pascal pascal.weisser.ext@karlstorz.com 2024-06-13T12:12:59+00:00 urn:sha1:e9844b286a810e980f8bdfa3862d119ed1dd3a09 Related: https://github.com/openembedded/meta-openembedded/issues/832 Signed-off-by: Weisser, Pascal <pascal.weisser.ext@karlstorz.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>