From faa49504c47a58dfe23e7b478c964e12ea86efb8 Mon Sep 17 00:00:00 2001
From: P Dheeraj Srujan Kumar
Date: Mon, 1 Jan 2024 20:34:20 +0530
Subject: [PATCH] Update to internal 1-1.14
Signed-off-by: P Dheeraj Srujan Kumar
---
.../{openssl_1.1.1u.bb => openssl_1.1.1v.bb} | 2 +-
.../meta-common/recipes-core/dbus/dbus.inc | 35 +++
.../dbus/dbus/CVE-2022-42010.patch | 114 -------
.../dbus/dbus/CVE-2022-42011.patch | 55 ----
.../dbus/dbus/CVE-2022-42012.patch | 71 -----
...from_server-if-send_negotiate_unix_f.patch | 104 +++++++
.../recipes-core/dbus/dbus/dbus-1.init | 123 ++++++++
.../dbus/dbus/python-config.patch | 34 +++
.../recipes-core/dbus/dbus/run-ptest | 35 +++
.../dbus/stop_using_selinux_set_mapping.patch | 148 +++++++++
.../recipes-core/dbus/dbus/tmpdir.patch | 44 +++
.../recipes-core/dbus/dbus_%.bbappend | 6 -
.../recipes-core/dbus/dbus_1.12.28.bb | 153 ++++++++++
...1-libjpeg-turbo-fix-package_qa-error.patch | 32 ++
.../jpeg/libjpeg-turbo_3.0.0.bb | 60 ++++
.../linux/linux-aspeed/CVE-2022-3566.patch | 127 ++++++++
.../linux/linux-aspeed/CVE-2023-2156.patch | 39 +++
.../linux/linux-aspeed/CVE-2023-3161.patch | 52 ++++
.../linux/linux-aspeed/CVE-2023-3355.patch | 36 +++
.../linux/linux-aspeed/CVE-2023-3357.patch | 35 +++
.../linux/linux-aspeed_%.bbappend | 5 +
.../0002-Add-rate-limiting.patch | 287 ++++++++++++++++++
.../host/phosphor-host-postd_%.bbappend | 1 +
...-replacement-URI-response-error-code.patch | 35 +++
.../interfaces/bmcweb_%.bbappend | 1 +
.../recipes-phosphor/pmci/pldmd.bb | 2 +-
...binary-serialization-instead-of-JSON.patch | 104 +++++++
...ost-code-file-size-per-cycle-setting.patch | 63 ++++
.../phosphor-post-code-manager_git.bbappend | 8 +
.../curl/{curl_8.1.0.bb => curl_8.2.0.bb} | 2 +-
30 files changed, 1564 insertions(+), 249 deletions(-)
rename meta-openbmc-mods/meta-common/recipes-connectivity/openssl/{openssl_1.1.1u.bb => openssl_1.1.1v.bb} (99%)
create mode 100644 meta-openbmc-mods/meta-common/recipes-core/dbus/dbus.inc
delete mode 100644 meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42010.patch
delete mode 100644 meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42011.patch
delete mode 100644 meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42012.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/clear-guid_from_server-if-send_negotiate_unix_f.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/dbus-1.init
create mode 100644 meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/python-config.patch
create mode 100755 meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/run-ptest
create mode 100644 meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/tmpdir.patch
delete mode 100644 meta-openbmc-mods/meta-common/recipes-core/dbus/dbus_%.bbappend
create mode 100644 meta-openbmc-mods/meta-common/recipes-core/dbus/dbus_1.12.28.bb
create mode 100644 meta-openbmc-mods/meta-common/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb
create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-3566.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-2156.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-3161.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-3355.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-3357.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd/0002-Add-rate-limiting.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0037-Fix-certificate-replacement-URI-response-error-code.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/state/phosphor-post-code-manager/0001-Use-binary-serialization-instead-of-JSON.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/state/phosphor-post-code-manager/0002-Max-post-code-file-size-per-cycle-setting.patch
rename meta-openbmc-mods/meta-common/recipes-support/curl/{curl_8.1.0.bb => curl_8.2.0.bb} (98%)
diff --git a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1u.bb b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1v.bb
similarity index 99%
rename from meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1u.bb
rename to meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1v.bb
index 6e0ad9ac44..5353a94212 100644
--- a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1u.bb
+++ b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1v.bb
@@ -15,7 +15,7 @@ PV = "1.0+git${SRCPV}"
S = "${WORKDIR}/git"
-SRCREV = "3f499b24f3bcd66db022074f7e8b4f6ee266a3ae"
+SRCREV = "5dae6451aac56bdf5be8dc5f20519da0bc55451a"
SRC_URI = "git://github.com/openssl/openssl.git;branch=OpenSSL_1_1_1-stable;protocol=https \
file://run-ptest \
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus.inc b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus.inc
new file mode 100644
index 0000000000..27e4bd0c47
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus.inc
@@ -0,0 +1,35 @@
+inherit autotools pkgconfig gettext upstream-version-is-even
+
+LICENSE = "AFL-2.1 | GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
+ file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
+
+SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
+ file://tmpdir.patch \
+ file://dbus-1.init \
+ file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
+ file://stop_using_selinux_set_mapping.patch \
+"
+
+SRC_URI[md5sum] = "28d92a7a576f7feec7ddb3bb87b28b43"
+SRC_URI[sha256sum] = "9da1e3f2b73f75eec0a9e4509d64be43909d1f2853fe809528a0a53984d76420"
+
+EXTRA_OECONF = "--disable-xml-docs \
+ --disable-doxygen-docs \
+ --enable-largefile \
+ --with-system-socket=/run/dbus/system_bus_socket \
+ "
+EXTRA_OECONF:append:class-target = " SYSTEMCTL=${base_bindir}/systemctl"
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
+ user-session \
+ "
+PACKAGECONFIG:class-native = ""
+PACKAGECONFIG:class-nativesdk = ""
+
+PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
+PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
+PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
+PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
+PACKAGECONFIG[audit] = "--enable-libaudit,--disable-libaudit,audit"
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux"
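Review bot: The `SRC_URI[md5sum]` / `SRC_URI[sha256sum]` pair sits in the shared dbus.inc while the tarball name is `dbus-${PV}.tar.gz`, so the digest is tied to whichever single version the including recipe sets. Moving the checksum into dbus_1.12.28.bb keeps the pin next to the version it covers, and the md5sum line can be dropped because the sha256 already gates the fetch. The same commit deletes the CVE-2022-42010, CVE-2022-42011 and CVE-2022-42012 patches; a line in the commit message stating that the new dbus release carries those fixes would let an auditor confirm nothing regressed.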
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42010.patch b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42010.patch
deleted file mode 100644
index d2693ed69f..0000000000
--- a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42010.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From 9d07424e9011e3bbe535e83043d335f3093d2916 Mon Sep 17 00:00:00 2001
-From: Simon McVittie
-Date: Tue, 13 Sep 2022 15:10:22 +0100
-Subject: [PATCH] dbus-marshal-validate: Check brackets in signature nest
-correctly
-
-In debug builds with assertions enabled, a signature with incorrectly
-nested `()` and `{}`, for example `a{i(u}` or `(a{ii)}`, could result
-in an assertion failure.
-
-In production builds without assertions enabled, a signature with
-incorrectly nested `()` and `{}` could potentially result in a crash
-or incorrect message parsing, although we do not have a concrete example
-of either of these failure modes.
-
-Thanks: Evgeny Vereshchagin
-Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
-Resolves: CVE-2022-42010
-Signed-off-by: Simon McVittie
----
- dbus/dbus-marshal-validate.c | 38 +++++++++++++++++++++++++++++++++++-
- 1 file changed, 37 insertions(+), 1 deletion(-)
-
-diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
-index 4d492f3f3..ae68414dd 100644
---- a/dbus/dbus-marshal-validate.c
-+++ b/dbus/dbus-marshal-validate.c
-@@ -62,6 +62,8 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
-
- int element_count;
- DBusList *element_count_stack;
-+ char opened_brackets[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2 + 1] = { '\0' };
-+ char last_bracket;
-
- result = DBUS_VALID;
- element_count_stack = NULL;
-@@ -93,6 +95,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
-
- while (p != end)
- {
-+ _dbus_assert (struct_depth + dict_entry_depth >= 0);
-+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
-+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth] == '\0');
-+
- switch (*p)
- {
- case DBUS_TYPE_BYTE:
-@@ -136,6 +142,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
- goto out;
- }
-
-+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
-+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
-+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0');
-+ opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_STRUCT_BEGIN_CHAR;
- break;
-
- case DBUS_STRUCT_END_CHAR:
-@@ -151,9 +161,20 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
- goto out;
- }
-
-+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
-+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
-+ last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1];
-+
-+ if (last_bracket != DBUS_STRUCT_BEGIN_CHAR)
-+ {
-+ result = DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED;
-+ goto out;
-+ }
-+
- _dbus_list_pop_last (&element_count_stack);
-
- struct_depth -= 1;
-+ opened_brackets[struct_depth + dict_entry_depth] = '\0';
- break;
-
- case DBUS_DICT_ENTRY_BEGIN_CHAR:
-@@ -178,6 +199,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
- goto out;
- }
-
-+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
-+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
-+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0');
-+ opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_DICT_ENTRY_BEGIN_CHAR;
- break;
-
- case DBUS_DICT_ENTRY_END_CHAR:
-@@ -186,8 +211,19 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
- result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
- goto out;
- }
--
-+
-+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
-+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
-+ last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1];
-+
-+ if (last_bracket != DBUS_DICT_ENTRY_BEGIN_CHAR)
-+ {
-+ result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
-+ goto out;
-+ }
-+
- dict_entry_depth -= 1;
-+ opened_brackets[struct_depth + dict_entry_depth] = '\0';
-
- element_count =
- _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
---
-GitLab
-
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42011.patch b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42011.patch
deleted file mode 100644
index 9284dd666d..0000000000
--- a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42011.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 079bbf16186e87fb0157adf8951f19864bc2ed69 Mon Sep 17 00:00:00 2001
-From: Simon McVittie
-Date: Mon, 12 Sep 2022 13:14:18 +0100
-Subject: [PATCH] dbus-marshal-validate: Validate length of arrays of
- fixed-length items
-
-This fast-path previously did not check that the array was made up
-of an integer number of items. This could lead to assertion failures
-and out-of-bounds accesses during subsequent message processing (which
-assumes that the message has already been validated), particularly after
-the addition of _dbus_header_remove_unknown_fields(), which makes it
-more likely that dbus-daemon will apply non-trivial edits to messages.
-
-Thanks: Evgeny Vereshchagin
-Fixes: e61f13cf "Bug 18064 - more efficient validation for fixed-size type arrays"
-Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/413
-Resolves: CVE-2022-42011
-Signed-off-by: Simon McVittie
----
- dbus/dbus-marshal-validate.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
-index ae68414dd..7d0d6cf72 100644
---- a/dbus/dbus-marshal-validate.c
-+++ b/dbus/dbus-marshal-validate.c
-@@ -503,13 +503,24 @@ validate_body_helper (DBusTypeReader *reader,
- */
- if (dbus_type_is_fixed (array_elem_type))
- {
-+ /* Note that fixed-size types all have sizes equal to
-+ * their alignments, so this is really the item size. */
-+ alignment = _dbus_type_get_alignment (array_elem_type);
-+ _dbus_assert (alignment == 1 || alignment == 2 ||
-+ alignment == 4 || alignment == 8);
-+
-+ /* Because the alignment is a power of 2, this is
-+ * equivalent to: (claimed_len % alignment) != 0,
-+ * but avoids slower integer division */
-+ if ((claimed_len & (alignment - 1)) != 0)
-+ return DBUS_INVALID_ARRAY_LENGTH_INCORRECT;
-+
- /* bools need to be handled differently, because they can
- * have an invalid value
- */
- if (array_elem_type == DBUS_TYPE_BOOLEAN)
- {
- dbus_uint32_t v;
-- alignment = _dbus_type_get_alignment (array_elem_type);
-
- while (p < array_end)
- {
---
-GitLab
-
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42012.patch b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42012.patch
deleted file mode 100644
index 53b0e92ffe..0000000000
--- a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/CVE-2022-42012.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 236f16e444e88a984cf12b09225e0f8efa6c5b44 Mon Sep 17 00:00:00 2001
-From: Simon McVittie
-Date: Fri, 30 Sep 2022 13:46:31 +0100
-Subject: [PATCH] dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed
-
-When a D-Bus message includes attached file descriptors, the body of the
-message contains unsigned 32-bit indexes pointing into an out-of-band
-array of file descriptors. Some D-Bus APIs like GLib's GDBus refer to
-these indexes as "handles" for the associated fds (not to be confused
-with a Windows HANDLE, which is a kernel object).
-
-The assertion message removed by this commit is arguably correct up to
-a point: fd-passing is only reasonable on a local machine, and no known
-operating system allows processes of differing endianness even on a
-multi-endian ARM or PowerPC CPU, so it makes little sense for the sender
-to specify a byte-order that differs from the byte-order of the recipient.
-
-However, this doesn't account for the fact that a malicious sender
-doesn't have to restrict itself to only doing things that make sense.
-On a system with untrusted local users, a message sender could crash
-the system dbus-daemon (a denial of service) by sending a message in
-the opposite endianness that contains handles to file descriptors.
-
-Before this commit, if assertions are enabled, attempting to byteswap
-a fd index would cleanly crash the message recipient with an assertion
-failure. If assertions are disabled, attempting to byteswap a fd index
-would silently do nothing without advancing the pointer p, causing the
-message's type and the pointer into its contents to go out of sync, which
-can result in a subsequent crash (the crash demonstrated by fuzzing was
-a use-after-free, but other failure modes might be possible).
-
-In principle we could resolve this by rejecting wrong-endianness messages
-from a local sender, but it's actually simpler and less code to treat
-wrong-endianness messages as valid and byteswap them.
-
-Thanks: Evgeny Vereshchagin
-Fixes: ba7daa60 "unix-fd: add basic marshalling code for unix fds"
-Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/417
-Resolves: CVE-2022-42012
-Signed-off-by: Simon McVittie
----
- dbus/dbus-marshal-byteswap.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/dbus/dbus-marshal-byteswap.c b/dbus/dbus-marshal-byteswap.c
-index e9de6f02a..9dd1246f9 100644
---- a/dbus/dbus-marshal-byteswap.c
-+++ b/dbus/dbus-marshal-byteswap.c
-@@ -62,6 +62,7 @@ byteswap_body_helper (DBusTypeReader *reader,
- case DBUS_TYPE_BOOLEAN:
- case DBUS_TYPE_INT32:
- case DBUS_TYPE_UINT32:
-+ case DBUS_TYPE_UNIX_FD:
- {
- p = _DBUS_ALIGN_ADDRESS (p, 4);
- *((dbus_uint32_t*)p) = DBUS_UINT32_SWAP_LE_BE (*((dbus_uint32_t*)p));
-@@ -192,11 +193,6 @@ byteswap_body_helper (DBusTypeReader *reader,
- }
- break;
-
-- case DBUS_TYPE_UNIX_FD:
-- /* fds can only be passed on a local machine, so byte order must always match */
-- _dbus_assert_not_reached("attempted to byteswap unix fds which makes no sense");
-- break;
--
- default:
- _dbus_assert_not_reached ("invalid typecode in supposedly-validated signature");
- break;
---
-GitLab
-
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/clear-guid_from_server-if-send_negotiate_unix_f.patch b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/clear-guid_from_server-if-send_negotiate_unix_f.patch
new file mode 100644
index 0000000000..6bb6d9c82e
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/clear-guid_from_server-if-send_negotiate_unix_f.patch
@@ -0,0 +1,104 @@
+From b8f84bd39485d3977625c9a8b8e8cff5d23be56f Mon Sep 17 00:00:00 2001
+From: Roy Li
+Date: Thu, 27 Feb 2014 09:05:02 +0800
+Subject: [PATCH] dbus: clear guid_from_server if send_negotiate_unix_fd
+ failed
+
+Upstream-Status: Submitted
+
+bus-test dispatch test failed with below information:
+ ./bus/bus-test: Running message dispatch test
+ Activating service name='org.freedesktop.DBus.TestSuiteEchoService'
+ Successfully activated service 'org.freedesktop.DBus.TestSuiteEchoService'
+ 6363: assertion failed "_dbus_string_get_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server) == 0" file "dbus-auth.c" line 1545 function process_ok
+ ./bus/bus-test(_dbus_print_backtrace+0x29) [0x80cb969]
+ ./bus/bus-test(_dbus_abort+0x14) [0x80cfb44]
+ ./bus/bus-test(_dbus_real_assert+0x53) [0x80b52c3]
+ ./bus/bus-test() [0x80e24da]
+ ./bus/bus-test(_dbus_auth_do_work+0x388) [0x80e3848]
+ ./bus/bus-test() [0x80aea49]
+ ./bus/bus-test() [0x80affde]
+ ./bus/bus-test(_dbus_transport_handle_watch+0xb1) [0x80ad841]
+ ./bus/bus-test(_dbus_connection_handle_watch+0x104) [0x8089174]
+ ./bus/bus-test(dbus_watch_handle+0xd8) [0x80b15e8]
+ ./bus/bus-test(_dbus_loop_iterate+0x4a9) [0x80d1509]
+ ./bus/bus-test(bus_test_run_clients_loop+0x5d) [0x808129d]
+ ./bus/bus-test() [0x806cab0]
+ ./bus/bus-test() [0x806e0ca]
+ ./bus/bus-test() [0x806da6f]
+ ./bus/bus-test(_dbus_test_oom_handling+0x18c) [0x80b5c8c]
+ ./bus/bus-test() [0x806f723]
+ ./bus/bus-test(bus_dispatch_test+0x3c) [0x8071aac]
+ ./bus/bus-test(main+0x1b7) [0x805acc7]
+ /lib/libc.so.6(__libc_start_main+0xf3) [0x45f919b3]
+ ./bus/bus-test() [0x805ae39]
+
+The stack is below:
+ #0 0xffffe425 in __kernel_vsyscall ()
+ #1 0x45fa62d6 in raise () from /lib/libc.so.6
+ #2 0x45fa9653 in abort () from /lib/libc.so.6
+ #3 0x080cfb65 in _dbus_abort () at dbus-sysdeps.c:94
+ #4 0x080b52c3 in _dbus_real_assert (condition=0,
+ condition_text=condition_text@entry=0x8117a38 "_dbus_string_get_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server) == 0",
+ file=file@entry=0x8117273 "dbus-auth.c", line=line@entry=1545,
+ func=func@entry=0x8117f8e <__FUNCTION__.3492> "process_ok")
+ data=0x8157290) at dbus-connection.c:1515
+ #0 0x00000033fee353e9 in raise () from /lib64/libc.so.6
+ #1 0x00000033fee38508 in abort () from /lib64/libc.so.6
+ #2 0x000000000047d585 in _dbus_abort () at dbus-sysdeps.c:94
+ #3 0x0000000000466486 in _dbus_real_assert (condition=,
+ condition_text=condition_text@entry=0x4c2988 "_dbus_string_get_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server) == 0",
+ file=file@entry=0x4c21a5 "dbus-auth.c", line=line@entry=1546,
+ func=func@entry=0x4c2fce <__FUNCTION__.3845> "process_ok")
+ at dbus-internals.c:931
+ #4 0x000000000048d424 in process_ok (args_from_ok=0x7fffffffe480,
+ auth=0x6ff340) at dbus-auth.c:1546
+ #5 handle_client_state_waiting_for_data (auth=0x6ff340,
+ command=, args=0x7fffffffe480) at dbus-auth.c:1996
+ #6 0x000000000048e789 in process_command (auth=0x6ff340) at dbus-auth.c:2208
+ #7 _dbus_auth_do_work (auth=0x6ff340) at dbus-auth.c:2458
+ #8 0x000000000046091d in do_authentication (
+ transport=transport@entry=0x6ffaa0, do_reading=do_reading@entry=1,
+ do_writing=do_writing@entry=0,
+ auth_completed=auth_completed@entry=0x7fffffffe55c)
+ at dbus-transport-socket.c:442
+ #9 0x0000000000461d08 in socket_handle_watch (transport=0x6ffaa0,
+ watch=0x6f4190, flags=1) at dbus-transport-socket.c:921
+ #10 0x000000000045fa3a in _dbus_transport_handle_watch (transport=0x6ffaa0,
+
+Once send_negotiate_unix_fd failed, this failure will happen, since
+auth->guid_from_server has been set to some value before
+send_negotiate_unix_fd. send_negotiate_unix_fd failure will lead to
+this auth be handled by process_ok again, but this auth->guid_from_server
+is not zero.
+
+So we should clear auth->guid_from_server if send_negotiate_unix_fd failed
+
+Signed-off-by: Roy Li
+---
+ dbus/dbus-auth.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
+index d2c37a7..37b45c6 100644
+--- a/dbus/dbus-auth.c
++++ b/dbus/dbus-auth.c
+@@ -1571,8 +1571,13 @@ process_ok(DBusAuth *auth,
+ _dbus_verbose ("Got GUID '%s' from the server\n",
+ _dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server));
+
+- if (auth->unix_fd_possible)
+- return send_negotiate_unix_fd(auth);
++ if (auth->unix_fd_possible) {
++ if (!send_negotiate_unix_fd(auth)) {
++ _dbus_string_set_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server, 0);
++ return FALSE;
++ }
++ return TRUE;
++ }
+
+ _dbus_verbose("Not negotiating unix fd passing, since not possible\n");
+ return send_begin (auth);
+--
+1.7.10.4
+
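Review bot: The carried patch is tagged `Upstream-Status: Submitted` and dated 2014 but gives no bug or mailing-list reference, so at the next dbus bump nobody can tell whether it was merged, rejected or superseded. Record the reference in the usual form, `Upstream-Status: Submitted [<upstream bug URL>]`. In the nested hunk the result of `_dbus_string_set_length (..., 0)` is ignored; truncating to zero is not expected to fail, but a `(void)` cast or a one-line comment would make that intent explicit. The body of process_ok starts outside the nested hunk.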
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/dbus-1.init b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/dbus-1.init
new file mode 100644
index 0000000000..90e167e572
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/dbus-1.init
@@ -0,0 +1,123 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: dbus
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 1
+# Short-Description: D-Bus systemwide message bus
+# Description: D-Bus is a simple interprocess messaging system, used
+# for sending messages between applications.
+### END INIT INFO
+#
+# -*- coding: utf-8 -*-
+# Debian init.d script for D-BUS
+# Copyright © 2003 Colin Walters
+
+# set -e
+
+# Source function library.
+. /etc/init.d/functions
+
+DAEMON=@bindir@/dbus-daemon
+NAME=dbus
+DAEMONUSER=messagebus # must match /usr/share/dbus-1/system.conf
+PIDFILE=/var/run/dbus/pid # must match /usr/share/dbus-1/system.conf
+UUIDDIR=/var/lib/dbus
+DESC="system message bus"
+EVENTDIR=/etc/dbus-1/event.d
+
+test -x $DAEMON || exit 0
+
+# Source defaults file; edit that file to configure this script.
+ENABLED=1
+PARAMS=""
+if [ -e /etc/default/dbus ]; then
+ . /etc/default/dbus
+fi
+
+test "$ENABLED" != "0" || exit 0
+
+start_it_up()
+{
+ mkdir -p "`dirname $PIDFILE`"
+ if [ -e $PIDFILE ]; then
+ PIDDIR=/proc/$(cat $PIDFILE)
+ if [ -d ${PIDDIR} -a "$(readlink -f ${PIDDIR}/exe)" = "${DAEMON}" ]; then
+ echo "$DESC already started; not starting."
+ else
+ echo "Removing stale PID file $PIDFILE."
+ rm -f $PIDFILE
+ fi
+ fi
+
+ if [ ! -d $UUIDDIR ]; then
+ mkdir -p $UUIDDIR
+ chown $DAEMONUSER $UUIDDIR
+ chgrp $DAEMONUSER $UUIDDIR
+ fi
+
+ dbus-uuidgen --ensure
+
+ echo -n "Starting $DESC: "
+ start-stop-daemon -o --start --quiet --pidfile $PIDFILE \
+ --user $DAEMONUSER --exec $DAEMON -- --system $PARAMS
+ echo "$NAME."
+ if [ -d $EVENTDIR ]; then
+ run-parts --arg=start $EVENTDIR
+ fi
+}
+
+shut_it_down()
+{
+ if [ -d $EVENTDIR ]; then
+ # TODO: --reverse when busybox supports it
+ run-parts --arg=stop $EVENTDIR
+ fi
+ echo -n "Stopping $DESC: "
+ start-stop-daemon -o --stop --quiet --pidfile $PIDFILE \
+ --user $DAEMONUSER
+ # We no longer include these arguments so that start-stop-daemon
+ # can do its job even given that we may have been upgraded.
+ # We rely on the pidfile being sanely managed
+ # --exec $DAEMON -- --system $PARAMS
+ echo "$NAME."
+ rm -f $PIDFILE
+}
+
+reload_it()
+{
+ echo -n "Reloading $DESC config: "
+ dbus-send --print-reply --system --type=method_call \
+ --dest=org.freedesktop.DBus \
+ / org.freedesktop.DBus.ReloadConfig > /dev/null
+ # hopefully this is enough time for dbus to reload it's config file.
+ echo "done."
+}
+
+case "$1" in
+ start)
+ start_it_up
+ ;;
+ stop)
+ shut_it_down
+ ;;
+ status)
+ status $DAEMON
+ exit $?
+ ;;
+ reload|force-reload)
+ reload_it
+ ;;
+ restart)
+ shut_it_down
+ sleep 1
+ start_it_up
+ ;;
+ *)
+ echo "Usage: /etc/init.d/$NAME {start|stop|status|restart|reload|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
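Review bot: In `start_it_up`, the branch that prints "already started; not starting." does not return, so execution continues to `dbus-uuidgen --ensure`, `start-stop-daemon` and `run-parts --arg=start $EVENTDIR`, and the event.d scripts are run a second time. Add `return 0` after that echo. The same function expands `$PIDFILE` and `${PIDDIR}` unquoted in `dirname`, `cat` and `[ ... ]`; quoting them (`"$(cat "$PIDFILE")"`, `[ -d "$PIDDIR" ]`) keeps an empty or malformed PID file from changing how the test expression is parsed.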
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/python-config.patch b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/python-config.patch
new file mode 100644
index 0000000000..da2f10c726
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/python-config.patch
@@ -0,0 +1,34 @@
+When building the dbus-ptest package, we have to enable python. However
+checking if the host-system python has the necessary library isn't useful.
+
+Disable the python module check for cross compiling.
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Mark Hatle
+
+---
+ configure.ac | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 80d27b4..becc1cc 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -279,13 +279,6 @@ if test "x$enable_tests" = xyes; then
+ # full test coverage is required, Python is a hard dependency
+ AC_MSG_NOTICE([Full test coverage (--enable-tests=yes) requires Python, dbus-python, pygi])
+ AM_PATH_PYTHON([2.6])
+- AC_MSG_CHECKING([for Python modules for full test coverage])
+- if "$PYTHON" -c "import dbus, gi.repository.GObject, dbus.mainloop.glib"; then
+- AC_MSG_RESULT([yes])
+- else
+- AC_MSG_RESULT([no])
+- AC_MSG_ERROR([cannot import dbus, gi.repository.GObject, dbus.mainloop.glib Python modules])
+- fi
+ else
+ # --enable-tests not given: do not abort if Python is missing
+ AM_PATH_PYTHON([2.6], [], [:])
+--
+1.9.1
+
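Review bot: Nothing in the visible recipe applies this patch: the SRC_URI in dbus.inc lists only tmpdir.patch, dbus-1.init, clear-guid_from_server-if-send_negotiate_unix_f.patch and stop_using_selinux_set_mapping.patch. The same holds for the run-ptest file added in the next hunk. The body of dbus_1.12.28.bb is outside this view, so confirm that it references both files; if it does not, drop them, since files that are never applied still have to be re-audited on every dbus bump.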
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/run-ptest b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/run-ptest
new file mode 100755
index 0000000000..d3eec08235
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/run-ptest
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+output() {
+ retcode=$?
+ if [ $retcode -eq 0 ]
+ then echo "PASS: $i"
+ elif [ $retcode -eq 77 ]
+ then echo "SKIP: $i"
+ else echo "FAIL: $i"
+ fi
+}
+
+export DBUS_TEST_HOMEDIR=./test
+export XDG_RUNTIME_DIR=./test
+export LD_LIBRARY_PATH=@PTEST_PATH@/test/.libs
+
+files=`ls test/test-*`
+
+for i in $files
+do
+ #these programs are used by testcase test-bus, don't run here
+ #additionally, test-names needs to be run under X
+ if [ $i = "test/test-service" ] \
+ || [ $i = "test/test-shell-service" ] \
+ || [ $i = "test/test-segfault" ] \
+ || [ $i = "test/test-bus" ] \
+ || [ $i = "test/test-names" ]
+ then
+ continue
+ fi
+
+ ./$i ./test/data >/dev/null 2>&1
+ output
+done
+
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch
new file mode 100644
index 0000000000..7035098e41
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch
@@ -0,0 +1,148 @@
+From 6072f8b24153d844a3033108a17bcd0c1a967816 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville
+Date: Sat, 3 Mar 2018 11:15:23 +0100
+Subject: [PATCH] Stop using selinux_set_mapping() function
+
+Currently, if the "dbus" security class or the associated AV doesn't
+exist, dbus-daemon fails to initialize and exits immediately. Also the
+security classes or access vector cannot be reordered in the policy.
+This can be a problem for people developing their own policy or trying
+to access a machine where, for some reasons, there is not policy defined
+at all.
+
+The code here copy the behaviour of the selinux_check_access() function.
+We cannot use this function here as it doesn't allow us to define the
+AVC entry reference.
+
+See the discussion at https://marc.info/?l=selinux&m=152163374332372&w=2
+
+Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/198
+---
+ bus/selinux.c | 75 ++++++++++++++++++++++++++++-----------------------
+ 1 file changed, 42 insertions(+), 33 deletions(-)
+
+
+Upstream-Status: Backport
+Signed-off-by: Nisha.Parrakat
+diff --git a/bus/selinux.c b/bus/selinux.c
+
+--- a/bus/selinux.c 2021-08-11 14:45:59.048513026 +0000
++++ b/bus/selinux.c 2021-08-11 14:57:47.144846966 +0000
+@@ -311,24 +311,6 @@
+ #endif
+ }
+
+-/*
+- * Private Flask definitions; the order of these constants must
+- * exactly match that of the structure array below!
+- */
+-/* security dbus class constants */
+-#define SECCLASS_DBUS 1
+-
+-/* dbus's per access vector constants */
+-#define DBUS__ACQUIRE_SVC 1
+-#define DBUS__SEND_MSG 2
+-
+-#ifdef HAVE_SELINUX
+-static struct security_class_mapping dbus_map[] = {
+- { "dbus", { "acquire_svc", "send_msg", NULL } },
+- { NULL }
+-};
+-#endif /* HAVE_SELINUX */
+-
+ /**
+ * Establish dynamic object class and permission mapping and
+ * initialize the user space access vector cache (AVC) for D-Bus and set up
+@@ -350,13 +332,6 @@
+
+ _dbus_verbose ("SELinux is enabled in this kernel.\n");
+
+- if (selinux_set_mapping (dbus_map) < 0)
+- {
+- _dbus_warn ("Failed to set up security class mapping (selinux_set_mapping():%s).",
+- strerror (errno));
+- return FALSE;
+- }
+-
+ avc_entry_ref_init (&aeref);
+ if (avc_init ("avc", &mem_cb, &log_cb, &thread_cb, &lock_cb) < 0)
+ {
+@@ -421,19 +396,53 @@
+ static dbus_bool_t
+ bus_selinux_check (BusSELinuxID *sender_sid,
+ BusSELinuxID *override_sid,
+- security_class_t target_class,
+- access_vector_t requested,
++ const char *target_class,
++ const char *requested,
+ DBusString *auxdata)
+ {
++ int saved_errno;
++ security_class_t security_class;
++ access_vector_t requested_access;
++
+ if (!selinux_enabled)
+ return TRUE;
+
++ security_class = string_to_security_class (target_class);
++ if (security_class == 0)
++ {
++ saved_errno = errno;
++ log_callback (SELINUX_ERROR, "Unknown class %s", target_class);
++ if (security_deny_unknown () == 0)
++ {
++ return TRUE;
++ }
++
++ _dbus_verbose ("Unknown class %s\n", target_class);
++ errno = saved_errno;
++ return FALSE;
++ }
++
++ requested_access = string_to_av_perm (security_class, requested);
++ if (requested_access == 0)
++ {
++ saved_errno = errno;
++ log_callback (SELINUX_ERROR, "Unknown permission %s for class %s", requested, target_class);
++ if (security_deny_unknown () == 0)
++ {
++ return TRUE;
++ }
++
++ _dbus_verbose ("Unknown permission %s for class %s\n", requested, target_class);
++ errno = saved_errno;
++ return FALSE;
++ }
++
+ /* Make the security check. AVC checks enforcing mode here as well. */
+ if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid),
+ override_sid ?
+ SELINUX_SID_FROM_BUS (override_sid) :
+ bus_sid,
+- target_class, requested, &aeref, auxdata) < 0)
++ security_class, requested_access, &aeref, auxdata) < 0)
+ {
+ switch (errno)
+ {
+@@ -500,8 +509,8 @@
+
+ ret = bus_selinux_check (connection_sid,
+ service_sid,
+- SECCLASS_DBUS,
+- DBUS__ACQUIRE_SVC,
++ "dbus",
++ "acquire_svc",
+ &auxdata);
+
+ _dbus_string_free (&auxdata);
+@@ -629,8 +638,8 @@
+
+ ret = bus_selinux_check (sender_sid,
+ recipient_sid,
+- SECCLASS_DBUS,
+- DBUS__SEND_MSG,
++ "dbus",
++ "send_msg",
+ &auxdata);
+
+ _dbus_string_free (&auxdata);
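Review bot: The rewritten `bus_selinux_check` returns TRUE when `string_to_security_class` or `string_to_av_perm` yields 0 and `security_deny_unknown ()` is 0, so with a loaded policy that lacks the `dbus` class and allows unknowns, both the acquire_svc and send_msg checks pass without an AVC decision. That matches what the description says about selinux_check_access(), but it deserves a comment above the first lookup, for example `/* Unknown class/permission: allowed only when the loaded policy does not deny unknowns */`. The `log_callback (SELINUX_ERROR, ...)` calls are the only trace of that path, so images that enable the selinux PACKAGECONFIG should keep those messages visible in their logs. `Upstream-Status: Backport` should also name the upstream commit it was taken from. bus_selinux_check continues past the end of the nested hunk.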
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/tmpdir.patch b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/tmpdir.patch
new file mode 100644
index 0000000000..bf086e1788
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus/tmpdir.patch
@@ -0,0 +1,44 @@
+From 5105fedd7fa13dadd2d0d864fb77873b83b79a4b Mon Sep 17 00:00:00 2001
+From: Koen Kooi
+Date: Thu, 23 Jun 2011 13:52:09 +0200
+Subject: [PATCH] buildsys: hardcode socketdir to /tmp
+
+the TMPDIR env var isn't always pointing to the right target path
+
+Upstream-Status: Inappropriate [embedded]
+
+Signed-off-by: Koen Kooi
+
+Original comment:
+
+ avoid to check tmp dir at build time. instead uses hard coded /tmp here
+ comment added by Kevin Tian
+---
+ configure.ac | 11 +----------
+ 1 files changed, 1 insertions(+), 10 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 408054b..6d26180 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1483,16 +1483,7 @@ AC_SUBST(TEST_LAUNCH_HELPER_BINARY)
+ AC_DEFINE_UNQUOTED(DBUS_TEST_LAUNCH_HELPER_BINARY, "$TEST_LAUNCH_HELPER_BINARY",
+ [Full path to the launch helper test program in the builddir])
+
+-#### Find socket directories
+-if ! test -z "$TMPDIR" ; then
+- DEFAULT_SOCKET_DIR=$TMPDIR
+-elif ! test -z "$TEMP" ; then
+- DEFAULT_SOCKET_DIR=$TEMP
+-elif ! test -z "$TMP" ; then
+- DEFAULT_SOCKET_DIR=$TMP
+-else
+- DEFAULT_SOCKET_DIR=/tmp
+-fi
++DEFAULT_SOCKET_DIR=/tmp
+
+ DEFAULT_SOCKET_DIR=`echo $DEFAULT_SOCKET_DIR | sed 's/+/%2B/g'`
+
+--
+1.6.6.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus_%.bbappend
deleted file mode 100644
index af073e92a3..0000000000
--- a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus_%.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
-SRC_URI += " \
- file://CVE-2022-42010.patch \
- file://CVE-2022-42011.patch \
- file://CVE-2022-42012.patch \
- "
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus_1.12.28.bb b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus_1.12.28.bb
new file mode 100644
index 0000000000..48947209d9
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/dbus/dbus_1.12.28.bb
@@ -0,0 +1,153 @@
+SUMMARY = "D-Bus message bus"
+DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed."
+HOMEPAGE = "https://dbus.freedesktop.org"
+SECTION = "base"
+
+require dbus.inc
+
+DEPENDS = "expat virtual/libintl autoconf-archive"
+PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', '', d)}"
+ALLOW_EMPTY:dbus-ptest = "1"
+RDEPENDS:dbus-ptest:class-target = "dbus-test-ptest"
+RDEPENDS:${PN} += "${PN}-common ${PN}-tools"
+RDEPENDS:${PN}:class-native = ""
+
+inherit useradd update-rc.d
+
+INITSCRIPT_NAME = "dbus-1"
+INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ."
+
+python __anonymous() {
+ if not bb.utils.contains('DISTRO_FEATURES', 'sysvinit', True, False, d):
+ d.setVar("INHIBIT_UPDATERCD_BBCLASS", "1")
+}
+
+PACKAGES =+ "${PN}-lib ${PN}-common ${PN}-tools"
+
+USERADD_PACKAGES = "dbus-common"
+USERADD_PARAM:dbus-common = "--system --home ${localstatedir}/lib/dbus \
+ --no-create-home --shell /bin/false \
+ --user-group messagebus"
+
+CONFFILES:${PN} = "${sysconfdir}/dbus-1/system.conf ${sysconfdir}/dbus-1/session.conf"
+
+DEBIANNAME:${PN} = "dbus-1"
+
+OLDPKGNAME = "dbus-x11"
+OLDPKGNAME:class-nativesdk = ""
+
+# for compatibility
+RPROVIDES:${PN} = "${OLDPKGNAME}"
+RREPLACES:${PN} += "${OLDPKGNAME}"
+
+FILES:${PN} = "${bindir}/dbus-daemon* \
+ ${bindir}/dbus-cleanup-sockets \
+ ${bindir}/dbus-launch \
+ ${bindir}/dbus-run-session \
+ ${libexecdir}/dbus* \
+ ${sysconfdir} \
+ ${localstatedir} \
+ ${systemd_system_unitdir} \
+ ${systemd_user_unitdir} \
+ ${nonarch_libdir}/tmpfiles.d/dbus.conf \
+"
+FILES:${PN}-common = "${sysconfdir}/dbus-1 \
+ ${datadir}/dbus-1/services \
+ ${datadir}/dbus-1/system-services \
+ ${datadir}/dbus-1/session.d \
+ ${datadir}/dbus-1/session.conf \
+ ${datadir}/dbus-1/system.d \
+ ${datadir}/dbus-1/system.conf \
+ ${systemd_system_unitdir}/dbus.socket \
+ ${systemd_system_unitdir}/sockets.target.wants \
+ ${systemd_user_unitdir}/dbus.socket \
+ ${systemd_user_unitdir}/sockets.target.wants \
+ ${nonarch_libdir}/sysusers.d/dbus.conf \
+"
+FILES:${PN}-tools = "${bindir}/dbus-uuidgen \
+ ${bindir}/dbus-send \
+ ${bindir}/dbus-monitor \
+ ${bindir}/dbus-update-activation-environment \
+"
+FILES:${PN}-lib = "${libdir}/lib*.so.*"
+RRECOMMENDS:${PN}-lib = "${PN}"
+FILES:${PN}-dev += "${libdir}/dbus-1.0/include ${bindir}/dbus-test-tool ${datadir}/xml/dbus-1"
+
+PACKAGE_WRITE_DEPS += "${@bb.utils.contains('DISTRO_FEATURES','systemd sysvinit','systemd-systemctl-native','',d)}"
+pkg_postinst:dbus() {
+ # If both systemd and sysvinit are enabled, mask the dbus-1 init script
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd sysvinit','true','false',d)}; then
+ if [ -n "$D" ]; then
+ OPTS="--root=$D"
+ fi
+ systemctl $OPTS mask dbus-1.service
+ fi
+
+ if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then
+ /etc/init.d/populate-volatile.sh update
+ fi
+}
+
+
+EXTRA_OECONF += "--disable-tests"
+
+do_install() {
+ autotools_do_install
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
+ install -d ${D}${sysconfdir}/init.d
+ sed 's:@bindir@:${bindir}:' < ${WORKDIR}/dbus-1.init >${WORKDIR}/dbus-1.init.sh
+ install -m 0755 ${WORKDIR}/dbus-1.init.sh ${D}${sysconfdir}/init.d/dbus-1
+ install -d ${D}${sysconfdir}/default/volatiles
+ echo "d messagebus messagebus 0755 ${localstatedir}/run/dbus none" \
+ > ${D}${sysconfdir}/default/volatiles/99_dbus
+ fi
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ for i in dbus.target.wants sockets.target.wants multi-user.target.wants; do \
+ install -d ${D}${systemd_system_unitdir}/$i; done
+ install -m 0644 ${B}/bus/dbus.service ${B}/bus/dbus.socket ${D}${systemd_system_unitdir}/
+ ln -fs ../dbus.socket ${D}${systemd_system_unitdir}/dbus.target.wants/dbus.socket
+ ln -fs ../dbus.socket ${D}${systemd_system_unitdir}/sockets.target.wants/dbus.socket
+ ln -fs ../dbus.service ${D}${systemd_system_unitdir}/multi-user.target.wants/dbus.service
+ fi
+
+
+ mkdir -p ${D}${localstatedir}/lib/dbus
+
+ chown messagebus:messagebus ${D}${localstatedir}/lib/dbus
+
+ chown root:messagebus ${D}${libexecdir}/dbus-daemon-launch-helper
+ chmod 4755 ${D}${libexecdir}/dbus-daemon-launch-helper
+
+ # Remove Red Hat initscript
+ rm -rf ${D}${sysconfdir}/rc.d
+
+ # Remove empty testexec directory as we don't build tests
+ rm -rf ${D}${libdir}/dbus-1.0/test
+
+ # Remove /var/run as it is created on startup
+ rm -rf ${D}${localstatedir}/run
+}
+
+do_install:class-native() {
+ autotools_do_install
+
+ # dbus-launch has no X support so lets not install it in case the host
+ # has a more featured and useful version
+ rm -f ${D}${bindir}/dbus-launch
+}
+
+do_install:class-nativesdk() {
+ autotools_do_install
+
+ # dbus-launch has no X support so lets not install it in case the host
+ # has a more featured and useful version
+ rm -f ${D}${bindir}/dbus-launch
+
+ # Remove /var/run to avoid QA error
+ rm -rf ${D}${localstatedir}/run
+}
+BBCLASSEXTEND = "native nativesdk"
+
+INSANE_SKIP:${PN}-ptest += "build-deps"
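Review bot: In do_install, `chmod 4755 ${D}${libexecdir}/dbus-daemon-launch-helper` leaves the setuid-root activation helper executable by every local account, although the `chown root:messagebus` on the line before suggests only the bus daemon's group is meant to run it. Unless something else on the image needs world-execute, `chmod 4750 ${D}${libexecdir}/dbus-daemon-launch-helper` keeps the setuid surface limited to the messagebus group. Separately, this commit deletes the bbappend that carried CVE-2022-42010.patch, CVE-2022-42011.patch and CVE-2022-42012.patch, and the source URI and checksums come from `require dbus.inc`, which is not part of this hunk. It is worth confirming that the 1.12.28 tarball referenced there already contains those three fixes.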
diff --git a/meta-openbmc-mods/meta-common/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch b/meta-openbmc-mods/meta-common/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch
new file mode 100644
index 0000000000..152db441bc
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch
@@ -0,0 +1,32 @@
+From 5cf847b5bef8dc3f9f89bd09dd5af4e6603f393c Mon Sep 17 00:00:00 2001
+From: Changqing Li
+Date: Mon, 27 Aug 2018 16:10:55 +0800
+Subject: [PATCH] libjpeg-turbo: fix package_qa error
+
+Fix package qa errors like below:
+libjpeg.so.62.3.0 contains probably-redundant RPATH /usr/lib [useless-rpaths]
+usr/bin/cjpeg contains probably-redundant RPATH /usr/lib
+
+Upstream-Status: Inappropriate[oe-specific]
+
+Signed-off-by: Changqing Li
+Signed-off-by: Anuj Mittal
+---
+ CMakeLists.txt | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 2bc3458..ea3041e 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -191,10 +191,6 @@ endif()
+ report_option(ENABLE_SHARED "Shared libraries")
+ report_option(ENABLE_STATIC "Static libraries")
+
+-if(ENABLE_SHARED)
+- set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR})
+-endif()
+-
+ if(WITH_JPEG8 OR WITH_JPEG7)
+ set(WITH_ARITH_ENC 1)
+ set(WITH_ARITH_DEC 1)
diff --git a/meta-openbmc-mods/meta-common/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb b/meta-openbmc-mods/meta-common/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb
new file mode 100644
index 0000000000..839f09ab23
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb
@@ -0,0 +1,60 @@
+SUMMARY = "Hardware accelerated JPEG compression/decompression library"
+DESCRIPTION = "libjpeg-turbo is a derivative of libjpeg that uses SIMD instructions (MMX, SSE2, NEON) to accelerate baseline JPEG compression and decompression"
+HOMEPAGE = "http://libjpeg-turbo.org/"
+
+LICENSE = "IJG & BSD-3-Clause & Zlib"
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=2a8e0d8226a102f07ab63ed7fd6ce155"
+
+DEPENDS:append:x86-64:class-target = " nasm-native"
+DEPENDS:append:x86:class-target = " nasm-native"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
+ file://0001-libjpeg-turbo-fix-package_qa-error.patch \
+ "
+
+SRC_URI[sha256sum] = "c77c65fcce3d33417b2e90432e7a0eb05f59a7fff884022a9d931775d583bfaa"
+UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/"
+UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P(\d+[\.\-_]*)+)/"
+
+PE = "1"
+
+# Drop-in replacement for jpeg
+PROVIDES = "jpeg"
+RPROVIDES:${PN} += "jpeg"
+RREPLACES:${PN} += "jpeg"
+RCONFLICTS:${PN} += "jpeg"
+
+inherit cmake pkgconfig
+
+export NASMENV = "--reproducible --debug-prefix-map=${WORKDIR}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}"
+
+# Add nasm-native dependency consistently for all build arches is hard
+EXTRA_OECMAKE:append:class-native = " -DWITH_SIMD=False"
+EXTRA_OECMAKE:append:class-nativesdk = " -DWITH_SIMD=False"
+
+# Work around missing x32 ABI support
+EXTRA_OECMAKE:append:class-target = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", "-DWITH_SIMD=False", "", d)}"
+
+# Work around missing non-floating point ABI support in MIPS
+EXTRA_OECMAKE:append:class-target = " ${@bb.utils.contains("MIPSPKGSFX_FPU", "-nf", "-DWITH_SIMD=False", "", d)}"
+
+EXTRA_OECMAKE:append:class-target:arm = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "", "-DWITH_SIMD=False", d)}"
+EXTRA_OECMAKE:append:class-target:armeb = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "", "-DWITH_SIMD=False", d)}"
+
+# Provide a workaround if Altivec unit is not present in PPC
+EXTRA_OECMAKE:append:class-target:powerpc = " ${@bb.utils.contains("TUNE_FEATURES", "altivec", "", "-DWITH_SIMD=False", d)}"
+EXTRA_OECMAKE:append:class-target:powerpc64 = " ${@bb.utils.contains("TUNE_FEATURES", "altivec", "", "-DWITH_SIMD=False", d)}"
+EXTRA_OECMAKE:append:class-target:powerpc64le = " ${@bb.utils.contains("TUNE_FEATURES", "altivec", "", "-DWITH_SIMD=False", d)}"
+
+DEBUG_OPTIMIZATION:append:armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}"
+DEBUG_OPTIMIZATION:append:armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}"
+
+PACKAGES =+ "jpeg-tools libturbojpeg"
+
+DESCRIPTION:jpeg-tools = "The jpeg-tools package includes client programs to access libjpeg functionality. These tools allow for the compression, decompression, transformation and display of JPEG files and benchmarking of the libjpeg library."
+FILES:jpeg-tools = "${bindir}/*"
+
+DESCRIPTION:libturbojpeg = "A SIMD-accelerated JPEG codec which provides only TurboJPEG APIs"
+FILES:libturbojpeg = "${libdir}/libturbojpeg.so.*"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-3566.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-3566.patch
new file mode 100644
index 0000000000..a7d91c7c28
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-3566.patch
@@ -0,0 +1,127 @@
+From f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57 Mon Sep 17 00:00:00 2001
+From: Kuniyuki Iwashima
+Date: Thu, 6 Oct 2022 11:53:49 -0700
+Subject: tcp: Fix data races around icsk->icsk_af_ops.
+
+setsockopt(IPV6_ADDRFORM) and tcp_v6_connect() change icsk->icsk_af_ops
+under lock_sock(), but tcp_(get|set)sockopt() read it locklessly. To
+avoid load/store tearing, we need to add READ_ONCE() and WRITE_ONCE()
+for the reads and writes.
+
+Thanks to Eric Dumazet for providing the syzbot report:
+
+BUG: KCSAN: data-race in tcp_setsockopt / tcp_v6_connect
+
+write to 0xffff88813c624518 of 8 bytes by task 23936 on cpu 0:
+tcp_v6_connect+0x5b3/0xce0 net/ipv6/tcp_ipv6.c:240
+__inet_stream_connect+0x159/0x6d0 net/ipv4/af_inet.c:660
+inet_stream_connect+0x44/0x70 net/ipv4/af_inet.c:724
+__sys_connect_file net/socket.c:1976 [inline]
+__sys_connect+0x197/0x1b0 net/socket.c:1993
+__do_sys_connect net/socket.c:2003 [inline]
+__se_sys_connect net/socket.c:2000 [inline]
+__x64_sys_connect+0x3d/0x50 net/socket.c:2000
+do_syscall_x64 arch/x86/entry/common.c:50 [inline]
+do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
+entry_SYSCALL_64_after_hwframe+0x63/0xcd
+
+read to 0xffff88813c624518 of 8 bytes by task 23937 on cpu 1:
+tcp_setsockopt+0x147/0x1c80 net/ipv4/tcp.c:3789
+sock_common_setsockopt+0x5d/0x70 net/core/sock.c:3585
+__sys_setsockopt+0x212/0x2b0 net/socket.c:2252
+__do_sys_setsockopt net/socket.c:2263 [inline]
+__se_sys_setsockopt net/socket.c:2260 [inline]
+__x64_sys_setsockopt+0x62/0x70 net/socket.c:2260
+do_syscall_x64 arch/x86/entry/common.c:50 [inline]
+do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
+entry_SYSCALL_64_after_hwframe+0x63/0xcd
+
+value changed: 0xffffffff8539af68 -> 0xffffffff8539aff8
+
+Reported by Kernel Concurrency Sanitizer on:
+CPU: 1 PID: 23937 Comm: syz-executor.5 Not tainted
+6.0.0-rc4-syzkaller-00331-g4ed9c1e971b1-dirty #0
+
+Hardware name: Google Google Compute Engine/Google Compute Engine,
+BIOS Google 08/26/2022
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Reported-by: syzbot
+Reported-by: Eric Dumazet
+Signed-off-by: Kuniyuki Iwashima
+Signed-off-by: Jakub Kicinski
+---
+ net/ipv4/tcp.c | 10 ++++++----
+ net/ipv6/ipv6_sockglue.c | 3 ++-
+ net/ipv6/tcp_ipv6.c | 6 ++++--
+ 3 files changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
+index f5c336f8b0c8..c86d27d653be 100644
+--- a/net/ipv4/tcp.c
++++ b/net/ipv4/tcp.c
+@@ -3652,8 +3652,9 @@ int tcp_setsockopt(struct sock *sk, int level, int optname, sockptr_t optval,
+ const struct inet_connection_sock *icsk = inet_csk(sk);
+
+ if (level != SOL_TCP)
+- return icsk->icsk_af_ops->setsockopt(sk, level, optname,
+- optval, optlen);
++ /* Paired with WRITE_ONCE() in do_ipv6_setsockopt() and tcp_v6_connect() */
++ return READ_ONCE(icsk->icsk_af_ops)->setsockopt(sk, level, optname,
++ optval, optlen);
+ return do_tcp_setsockopt(sk, level, optname, optval, optlen);
+ }
+ EXPORT_SYMBOL(tcp_setsockopt);
+@@ -4248,8 +4249,9 @@ int tcp_getsockopt(struct sock *sk, int level, int optname, char __user *optval,
+ struct inet_connection_sock *icsk = inet_csk(sk);
+
+ if (level != SOL_TCP)
+- return icsk->icsk_af_ops->getsockopt(sk, level, optname,
+- optval, optlen);
++ /* Paired with WRITE_ONCE() in do_ipv6_setsockopt() and tcp_v6_connect() */
++ return READ_ONCE(icsk->icsk_af_ops)->getsockopt(sk, level, optname,
++ optval, optlen);
+ return do_tcp_getsockopt(sk, level, optname, optval, optlen);
+ }
+ EXPORT_SYMBOL(tcp_getsockopt);
+diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
+index e4bdb09c5586..cd4fd98fb68e 100644
+--- a/net/ipv6/ipv6_sockglue.c
++++ b/net/ipv6/ipv6_sockglue.c
+@@ -474,7 +474,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
+ sock_prot_inuse_add(net, &tcp_prot, 1);
+ local_bh_enable();
+ sk->sk_prot = &tcp_prot;
+- icsk->icsk_af_ops = &ipv4_specific;
++ /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
++ WRITE_ONCE(icsk->icsk_af_ops, &ipv4_specific);
+ sk->sk_socket->ops = &inet_stream_ops;
+ sk->sk_family = PF_INET;
+ tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
+diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
+index b03dd02c9f13..7844f4dfbee1 100644
+--- a/net/ipv6/tcp_ipv6.c
++++ b/net/ipv6/tcp_ipv6.c
+@@ -237,7 +237,8 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
+ sin.sin_port = usin->sin6_port;
+ sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
+
+- icsk->icsk_af_ops = &ipv6_mapped;
++ /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
++ WRITE_ONCE(icsk->icsk_af_ops, &ipv6_mapped);
+ if (sk_is_mptcp(sk))
+ mptcpv6_handle_mapped(sk, true);
+ sk->sk_backlog_rcv = tcp_v4_do_rcv;
+@@ -249,7 +250,8 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
+
+ if (err) {
+ icsk->icsk_ext_hdr_len = exthdrlen;
+- icsk->icsk_af_ops = &ipv6_specific;
++ /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
++ WRITE_ONCE(icsk->icsk_af_ops, &ipv6_specific);
+ if (sk_is_mptcp(sk))
+ mptcpv6_handle_mapped(sk, false);
+ sk->sk_backlog_rcv = tcp_v6_do_rcv;
+--
+2.34.1
+
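Review bot: This patch header has no `Upstream-Status:` or `CVE:` line, unlike tmpdir.patch and the libjpeg-turbo patch added in the same commit. The same applies to CVE-2023-2156.patch, CVE-2023-3161.patch, CVE-2023-3355.patch and CVE-2023-3357.patch. Adding `CVE: CVE-2022-3566` and `Upstream-Status: Backport [<upstream commit URL>]` above the `---` separator records the provenance in the patch itself, so CVE tooling and later kernel rebases do not depend on the file name alone. The nested hunks change only part of tcp_setsockopt, tcp_getsockopt, do_ipv6_setsockopt and tcp_v6_connect, so whether the context matches the linux-aspeed base has to be checked against that tree.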
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-2156.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-2156.patch
new file mode 100644
index 0000000000..3ab2ef7c0e
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-2156.patch
@@ -0,0 +1,39 @@
+From 4e006c7a6dac0ead4c1bf606000aa90a372fc253 Mon Sep 17 00:00:00 2001
+From: Alexander Aring
+Date: Mon, 17 Apr 2023 09:00:52 -0400
+Subject: [PATCH] net: rpl: fix rpl header size calculation
+
+This patch fixes a missing 8 byte for the header size calculation. The
+ipv6_rpl_srh_size() is used to check a skb_pull() on skb->data which
+points to skb_transport_header(). Currently we only check on the
+calculated addresses fields using CmprI and CmprE fields, see:
+
+https://www.rfc-editor.org/rfc/rfc6554#section-3
+
+there is however a missing 8 byte inside the calculation which stands
+for the fields before the addresses field. Those 8 bytes are represented
+by sizeof(struct ipv6_rpl_sr_hdr) expression.
+
+Fixes: 8610c7c6e3bd ("net: ipv6: add support for rpl sr exthdr")
+Signed-off-by: Alexander Aring
+Reported-by: maxpl0it
+Reviewed-by: David Ahern
+Signed-off-by: David S. Miller
+---
+ net/ipv6/rpl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/ipv6/rpl.c b/net/ipv6/rpl.c
+index 488aec9e1a74f3..d1876f19222552 100644
+--- a/net/ipv6/rpl.c
++++ b/net/ipv6/rpl.c
+@@ -32,7 +32,8 @@ static void *ipv6_rpl_segdata_pos(const struct ipv6_rpl_sr_hdr *hdr, int i)
+ size_t ipv6_rpl_srh_size(unsigned char n, unsigned char cmpri,
+ unsigned char cmpre)
+ {
+- return (n * IPV6_PFXTAIL_LEN(cmpri)) + IPV6_PFXTAIL_LEN(cmpre);
++ return sizeof(struct ipv6_rpl_sr_hdr) + (n * IPV6_PFXTAIL_LEN(cmpri)) +
++ IPV6_PFXTAIL_LEN(cmpre);
+ }
+
+ void ipv6_rpl_srh_decompress(struct ipv6_rpl_sr_hdr *outhdr,
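Review bot: The change to `ipv6_rpl_srh_size()` only corrects the length used for the pull check, and as far as I recall upstream later landed a second change to the RPL source-routing receive path under this same CVE because the size calculation alone did not close the issue. Please confirm whether the linux-aspeed base already contains that follow-up, or carry it next to this file. Otherwise the patch name may read as full coverage of CVE-2023-2156 when it is only partial. If RPL source routing is not needed on the BMC, leaving the feature disabled in the kernel config would remove the exposure independently of either patch.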
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-3161.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-3161.patch
new file mode 100644
index 0000000000..11c8cf4186
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-3161.patch
@@ -0,0 +1,52 @@
+From 2b09d5d364986f724f17001ccfe4126b9b43a0be Mon Sep 17 00:00:00 2001
+From: Samuel Thibault
+Date: Sun, 29 Jan 2023 16:17:40 +0100
+Subject: [PATCH] fbcon: Check font dimension limits
+
+blit_x and blit_y are u32, so fbcon currently cannot support fonts
+larger than 32x32.
+
+The 32x32 case also needs shifting an unsigned int, to properly set bit
+31, otherwise we get "UBSAN: shift-out-of-bounds in fbcon_set_font",
+as reported on:
+
+http://lore.kernel.org/all/IA1PR07MB98308653E259A6F2CE94A4AFABCE9@IA1PR07MB9830.namprd07.prod.outlook.com
+Kernel Branch: 6.2.0-rc5-next-20230124
+Kernel config: https://drive.google.com/file/d/1F-LszDAizEEH0ZX0HcSR06v5q8FPl2Uv/view?usp=sharing
+Reproducer: https://drive.google.com/file/d/1mP1jcLBY7vWCNM60OMf-ogw-urQRjNrm/view?usp=sharing
+
+Reported-by: Sanan Hasanov
+Signed-off-by: Samuel Thibault
+Fixes: 2d2699d98492 ("fbcon: font setting should check limitation of driver")
+Cc: stable@vger.kernel.org
+Tested-by: Miko Larsson
+Reviewed-by: Greg Kroah-Hartman
+Signed-off-by: Helge Deller
+---
+ drivers/video/fbdev/core/fbcon.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
+index 22bb3892f6bd..74f508ec8d4c 100644
+--- a/drivers/video/fbdev/core/fbcon.c
++++ b/drivers/video/fbdev/core/fbcon.c
+@@ -2434,11 +2434,13 @@ static int fbcon_set_font(struct vc_data *vc, struct console_font *font,
+ * If not this check should be changed to charcount < 256 */
+ if (charcount != 256 && charcount != 512)
+ return -EINVAL;
++ if (font->width > 32 || font->height > 32)
++ return -EINVAL;
+
+ /* Make sure drawing engine can handle the font */
+- if (!(info->pixmap.blit_x & (1 << (font->width - 1))) ||
+- !(info->pixmap.blit_y & (1 << (font->height - 1))))
+- return -EINVAL;
++ if (!(info->pixmap.blit_x & BIT(font->width - 1)) ||
++ !(info->pixmap.blit_y & BIT(font->height - 1)))
++ return -EINVAL;
+
+ /* Make sure driver can handle the font length */
+ if (fbcon_invalid_charcount(info, charcount))
+--
+2.34.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-3355.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-3355.patch
new file mode 100644
index 0000000000..c09b3c5d8b
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-3355.patch
@@ -0,0 +1,36 @@
+From d839f0811a31322c087a859c2b181e2383daa7be Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang
+Date: Mon, 12 Dec 2022 17:11:17 +0800
+Subject: drm/msm/gem: Add check for kmalloc
+
+Add the check for the return value of kmalloc in order to avoid
+NULL pointer dereference in copy_from_user.
+
+Fixes: 20224d715a88 ("drm/msm/submit: Move copy_from_user ahead of locking bos")
+Signed-off-by: Jiasheng Jiang
+Reviewed-by: Dmitry Baryshkov
+Patchwork: https://patchwork.freedesktop.org/patch/514678/
+Link: https://lore.kernel.org/r/20221212091117.43511-1-jiasheng@iscas.ac.cn
+Signed-off-by: Dmitry Baryshkov
+---
+ drivers/gpu/drm/msm/msm_gem_submit.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c
+index 45a3e5cadc7da..7c2cc1262c05d 100644
+--- a/drivers/gpu/drm/msm/msm_gem_submit.c
++++ b/drivers/gpu/drm/msm/msm_gem_submit.c
+@@ -209,6 +209,10 @@ static int submit_lookup_cmds(struct msm_gem_submit *submit,
+ goto out;
+ }
+ submit->cmd[i].relocs = kmalloc(sz, GFP_KERNEL);
++ if (!submit->cmd[i].relocs) {
++ ret = -ENOMEM;
++ goto out;
++ }
+ ret = copy_from_user(submit->cmd[i].relocs, userptr, sz);
+ if (ret) {
+ ret = -EFAULT;
+--
+cgit
+
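Review bot: This patch adds a `kmalloc` NULL check in `drivers/gpu/drm/msm/msm_gem_submit.c`, and CVE-2023-3357.patch does the same for `drivers/hid/amd-sfh-hid/amd_sfh_client.c`. Neither driver looks likely to be built into an ASPEED BMC kernel, though that is inferred from the recipe name and not from a visible config. If the corresponding config options are off, the two patches change no shipped code and only add rebase work. A short comment next to their `SRC_URI` entries in linux-aspeed_%.bbappend, for example `# not built for this target; carried to satisfy CVE scanning`, would make that explicit.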
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-3357.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-3357.patch
new file mode 100644
index 0000000000..722b71f3a5
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-3357.patch
@@ -0,0 +1,35 @@
+From 53ffa6a9f83b2170c60591da1ead8791d5a42e81 Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang
+Date: Tue, 20 Dec 2022 10:49:21 +0800
+Subject: HID: amd_sfh: Add missing check for dma_alloc_coherent
+
+Add check for the return value of the dma_alloc_coherent since
+it may return NULL pointer if allocation fails.
+
+Fixes: 4b2c53d93a4b ("SFH:Transport Driver to add support of AMD Sensor Fusion Hub (SFH)")
+Signed-off-by: Jiasheng Jiang
+Acked-by: Basavaraj Natikar
+Signed-off-by: Benjamin Tissoires
+Link: https://lore.kernel.org/r/20221220024921.21992-1-jiasheng@iscas.ac.cn
+---
+ drivers/hid/amd-sfh-hid/amd_sfh_client.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_client.c b/drivers/hid/amd-sfh-hid/amd_sfh_client.c
+index 8275bba636119..ab125f79408f2 100644
+--- a/drivers/hid/amd-sfh-hid/amd_sfh_client.c
++++ b/drivers/hid/amd-sfh-hid/amd_sfh_client.c
+@@ -237,6 +237,10 @@ int amd_sfh_hid_client_init(struct amd_mp2_dev *privdata)
+ in_data->sensor_virt_addr[i] = dma_alloc_coherent(dev, sizeof(int) * 8,
+ &cl_data->sensor_dma_addr[i],
+ GFP_KERNEL);
++ if (!in_data->sensor_virt_addr[i]) {
++ rc = -ENOMEM;
++ goto cleanup;
++ }
+ cl_data->sensor_sts[i] = SENSOR_DISABLED;
+ cl_data->sensor_requested_cnt[i] = 0;
+ cl_data->cur_hid_dev = i;
+--
+cgit
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend
index b3b22b4086..54ddf246e1 100644
--- a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend
@@ -68,6 +68,11 @@ SRC_URI += " \
file://0005-ext4-add-EXT4_INODE_HAS_XATTR_SPACE-macro-in-xattr-h.patch \
file://CVE-2023-2513.patch \
file://CVE-2023-2269.patch \
+ file://CVE-2023-2156.patch \
+ file://CVE-2023-3355.patch \
+ file://CVE-2023-3357.patch \
+ file://CVE-2022-3566.patch \
+ file://CVE-2023-3161.patch \
"
SRC_URI += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', 'file://1000-128MB-flashmap-for-PFR.patch', '', d)}"
SRC_URI += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', 'file://debug.cfg', '', d)}"
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd/0002-Add-rate-limiting.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd/0002-Add-rate-limiting.patch
new file mode 100644
index 0000000000..407ea8bbfa
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd/0002-Add-rate-limiting.patch
@@ -0,0 +1,287 @@
+From 0a8ecbadb73d597da114d77853793e8642102de9 Mon Sep 17 00:00:00 2001
+From: Jonathan Doman
+Date: Wed, 26 Apr 2023 11:45:39 -0700
+Subject: [PATCH] Add rate limiting
+
+A host CPU can write POST codes much faster than the BMC can handle
+them, considering all the D-Bus/IPC work required. Ideally `dbus-broker`
+would apply backpressure when it gets full of unhandled signals, but its
+quota mechanism uses a simple per-user accounting that doesn't
+differentiate between all the connections from OpenBMC daemons running
+as root. So there is no way to configure it to prevent just `snoopd`
+from sending too many messages - instead it will disconnect arbitrary
+services leading to mass chaos.
+
+So without a D-Bus policy mechanism to prevent excess memory usage,
+there are 2 different failure cases during a POST code storm:
+1. `snoopd` continues to send messages faster than `post-code-manager`
+ can process them, leading to `dbus-broker` consuming all the system
+ memory.
+2. `snoopd` fills up the D-Bus socket buffer. Once sd-bus fails to send
+ a message across the socket, it starts queuing messages internally
+ leading to `snoopd` consuming all the system memory. This only
+ happens because we get stuck in the `snoopd` read loop during a POST
+ code storm, and we don't process other events that would allow the
+ write queue to drain.
+
+As a workaround, introduce configurable rate limiting to `snoopd`. A new
+meson option 'rate-limit' sets the corresponding '--rate-limit'
+command-line parameter. These options take an integer value representing
+the maximum number of POST codes to process per second. The default
+meson option value is 1000, and the value of 0 will disable rate limiting.
+
+Tested: Ran the POST code stress on host for 30 minutes:
+```
+[root@sut ~]# stress-ng --ioport 2
+```
+
+Watched BMC process memory usage and CPU usage in `top`, verified that
+`post-code-manager`, `dbus-broker`, and `snoopd` each used less than 10%
+CPU and 2% memory on AST2600 with 512 MiB of DRAM.
+
+Change-Id: If03a01e0cd62366d188109bb4dff52958346e1db
+Signed-off-by: Jonathan Doman
+---
+ lpcsnoop/snoop.hpp | 1 +
+ main.cpp | 109 +++++++++++++++++++++++++++++++++++++++++----
+ meson.build | 5 +++
+ meson_options.txt | 8 ++++
+ 4 files changed, 115 insertions(+), 8 deletions(-)
+
+diff --git a/lpcsnoop/snoop.hpp b/lpcsnoop/snoop.hpp
+index 68d51b4..c66e421 100644
+--- a/lpcsnoop/snoop.hpp
++++ b/lpcsnoop/snoop.hpp
+@@ -24,4 +24,5 @@ class PostReporter : public PostObject
+ PostObject(bus, objPath, defer)
+ {
+ }
++ unsigned int rateLimit = 0;
+ };
+diff --git a/main.cpp b/main.cpp
+index 764c855..11310ba 100644
+--- a/main.cpp
++++ b/main.cpp
+@@ -23,6 +23,7 @@
+ #include
+ #include
+
++#include
+ #include
+ #include
+ #include
+@@ -31,10 +32,13 @@
+ #include
+ #include
+ #include
++#include
++#include
+ #include
+ #include
+
+ static size_t codeSize = 1; /* Size of each POST code in bytes */
++static bool verbose = false;
+
+ static void usage(const char* name)
+ {
+@@ -47,15 +51,76 @@ static void usage(const char* name)
+ name, codeSize);
+ }
+
++/**
++ * Call once for each POST code received. If the number of POST codes exceeds
++ * the configured rate limit, this function will disable the snoop device IO
++ * source until the end of the 1 second interval, then re-enable it.
++ *
++ * @return Whether the rate limit is exceeded.
++ */
++bool rateLimit(PostReporter& reporter, sdeventplus::source::IO& ioSource)
++{
++ if (reporter.rateLimit == 0)
++ {
++ // Rate limiting is disabled.
++ return false;
++ }
++
++ using Clock = sdeventplus::Clock;
++
++ static constexpr std::chrono::seconds rateLimitInterval(1);
++ static unsigned int rateLimitCount = 0;
++ static Clock::time_point rateLimitEndTime;
++
++ const sdeventplus::Event& event = ioSource.get_event();
++
++ if (rateLimitCount == 0)
++ {
++ // Initialize the end time when we start a new interval
++ rateLimitEndTime = Clock(event).now() + rateLimitInterval;
++ }
++
++ if (++rateLimitCount < reporter.rateLimit)
++ {
++ return false;
++ }
++
++ rateLimitCount = 0;
++
++ if (rateLimitEndTime < Clock(event).now())
++ {
++ return false;
++ }
++
++ if (verbose)
++ {
++ fprintf(stderr, "Hit POST code rate limit - disabling temporarily\n");
++ }
++
++ ioSource.set_enabled(sdeventplus::source::Enabled::Off);
++ sdeventplus::source::Time(
++ event, rateLimitEndTime, std::chrono::milliseconds(100),
++ [&ioSource](auto&, auto) {
++ if (verbose)
++ {
++ fprintf(stderr, "Reenabling POST code handler\n");
++ }
++ ioSource.set_enabled(sdeventplus::source::Enabled::On);
++ })
++ .set_floating(true);
++ return true;
++}
++
+ /*
+ * Callback handling IO event from the POST code fd. i.e. there is new
+ * POST code available to read.
+ */
+-void PostCodeEventHandler(sdeventplus::source::IO& s, int postFd, uint32_t,
+- PostReporter* reporter, bool verbose)
++void PostCodeEventHandler(PostReporter* reporter, sdeventplus::source::IO& s,
++ int postFd, uint32_t)
+ {
+ uint64_t code = 0;
+ ssize_t readb;
++
+ while ((readb = read(postFd, &code, codeSize)) > 0)
+ {
+ code = le64toh(code);
+@@ -72,6 +137,11 @@ void PostCodeEventHandler(sdeventplus::source::IO& s, int postFd, uint32_t,
+ // read depends on old data being cleared since it doens't always read
+ // the full code size
+ code = 0;
++
++ if (rateLimit(*reporter, s))
++ {
++ return;
++ }
+ }
+
+ if (readb < 0 && (errno == EAGAIN || errno == EWOULDBLOCK))
+@@ -103,6 +173,7 @@ int main(int argc, char* argv[])
+ int rc = 0;
+ int opt;
+ int postFd = -1;
++ unsigned int rateLimit = 0;
+
+ /*
+ * These string constants are only used in this method within this object
+@@ -115,18 +186,19 @@ int main(int argc, char* argv[])
+ const char* snoopDbus = SNOOP_BUSNAME;
+
+ bool deferSignals = true;
+- bool verbose = false;
+
+ // clang-format off
+ static const struct option long_options[] = {
+ {"bytes", required_argument, NULL, 'b'},
+ {"device", optional_argument, NULL, 'd'},
++ {"rate-limit", optional_argument, NULL, 'r'},
+ {"verbose", no_argument, NULL, 'v'},
+ {0, 0, 0, 0}
+ };
+ // clang-format on
+
+- while ((opt = getopt_long(argc, argv, "b:d:v", long_options, NULL)) != -1)
++ while ((opt = getopt_long(argc, argv, "h:b:d:r:v", long_options, NULL)) !=
++ -1)
+ {
+ switch (opt)
+ {
+@@ -153,6 +225,28 @@ int main(int argc, char* argv[])
+ }
+
+ break;
++ case 'r': {
++ int argVal = -1;
++ try
++ {
++ argVal = std::stoi(optarg);
++ }
++ catch (...)
++ {
++ }
++
++ if (argVal < 1)
++ {
++ fprintf(stderr, "Invalid rate limit '%s'. Must be >= 1.\n",
++ optarg);
++ return EXIT_FAILURE;
++ }
++
++ rateLimit = static_cast(argVal);
++ fprintf(stderr, "Rate limiting to %d POST codes per second.\n",
++ argVal);
++ break;
++ }
+ case 'v':
+ verbose = true;
+ break;
+@@ -178,11 +272,10 @@ int main(int argc, char* argv[])
+ std::optional reporterSource;
+ if (postFd > 0)
+ {
++ reporter.rateLimit = rateLimit;
+ reporterSource.emplace(
+- event, postFd, EPOLLIN | EPOLLET,
+- std::bind(PostCodeEventHandler, std::placeholders::_1,
+- std::placeholders::_2, std::placeholders::_3,
+- &reporter, verbose));
++ event, postFd, EPOLLIN,
++ std::bind_front(PostCodeEventHandler, &reporter));
+ }
+ // Enable bus to handle incoming IO and bus events
+ bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
+diff --git a/meson.build b/meson.build
+index 2bafd48..f54ee8c 100644
+--- a/meson.build
++++ b/meson.build
+@@ -27,7 +27,12 @@ conf_data.set('SYSTEMD_TARGET', get_option('systemd-target'))
+ snoopd_args = '-b ' + get_option('post-code-bytes').to_string()
+ if get_option('snoop-device') != ''
+ snoopd_args += ' -d /dev/' + get_option('snoop-device')
++ rate_limit = get_option('rate-limit')
++ if rate_limit > 0
++ snoopd_args += ' --rate-limit=' + rate_limit.to_string()
++ endif
+ endif
++
+ conf_data.set('SNOOPD_ARGS', snoopd_args)
+
+ configure_file(
+diff --git a/meson_options.txt b/meson_options.txt
+index 763c73e..da151e1 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -20,3 +20,11 @@ option(
+ option(
+ 'tests', type: 'feature', description: 'Build tests.',
+ )
++option(
++ 'rate-limit',
++ description: 'Maximum number of POST codes to read from snoop device every'
++ + 'second. Value of 0 disables rate limiting.',
++ type: 'integer',
++ min: 0,
++ value: 1000
++)
+--
+2.17.1
+
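Review bot: In the `long_options` table, `{"rate-limit", optional_argument, NULL, 'r'}` lets a space-separated `--rate-limit 100` reach `case 'r'` with `optarg` null, so `std::stoi(optarg)` and the `%s` in the error `fprintf` both receive a null pointer. Declaring it as `{"rate-limit", required_argument, NULL, 'r'},` matches the `r:` in the optstring and removes the null case. The meson-generated `--rate-limit=N` form is unaffected. The same optstring now starts with `h:`, which makes `-h` consume an argument; plain `h` looks intended, though its `case` is outside what the patch shows. The commit text says a value of 0 disables rate limiting while the parser rejects anything below 1, so either the message or the check should be adjusted. Since this limiter is what keeps a host-driven POST code storm from exhausting BMC memory, its option parsing should fail closed with a clear error.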
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd_%.bbappend
index 893f410e89..f21e386bd4 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/host/phosphor-host-postd_%.bbappend
@@ -7,3 +7,4 @@ DEPENDS += " gtest"
SRCREV = "6a5e0a1cba979c3c793e794c41481221da9a4e33"
SRC_URI += "file://0001-Avoid-negated-postcode-write-to-D-Bus.patch"
+SRC_URI += "file://0002-Add-rate-limiting.patch"
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0037-Fix-certificate-replacement-URI-response-error-code.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0037-Fix-certificate-replacement-URI-response-error-code.patch
new file mode 100644
index 0000000000..3d8312961c
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0037-Fix-certificate-replacement-URI-response-error-code.patch
@@ -0,0 +1,35 @@
+From 966c2c347b3ab96bcedd362b690e66f39802b660 Mon Sep 17 00:00:00 2001
+From: Manish Baing
+Date: Thu, 10 Aug 2023 05:48:48 +0000
+Subject: [PATCH] Fix certificate replacement URI response error code
+
+
+We get 500 Internal Server Error when we try to replace certificate
+without providing certificate but expected response is 400
+So fixed the issue by checking for json (body) content before looking
+for specific keys and identifying it as 500 Internal Server Error.
+
+Tested:
+Response for attempt to replace certificate without providing
+certificate is now 400 (Bad Request response)
+
+Signed-off-by: Manish Baing
+---
+ redfish-core/lib/certificate_service.hpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp
+index f0891771..fd4836bd 100644
+--- a/redfish-core/lib/certificate_service.hpp
++++ b/redfish-core/lib/certificate_service.hpp
+@@ -691,7 +691,6 @@ inline void requestRoutesCertificateActionsReplaceCertificate(App& app)
+ certificateType))
+ {
+ BMCWEB_LOG_ERROR << "Required parameters are missing";
+- messages::internalError(asyncResp->res);
+ return;
+ }
+
+--
+2.17.1
+
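Review bot: With `messages::internalError(asyncResp->res);` removed, this failure branch in `requestRoutesCertificateActionsReplaceCertificate` sets no status of its own and depends entirely on the JSON-reading call in the `if` condition having already written the 400 into `asyncResp->res`. That call starts above the inner hunk, so this cannot be confirmed from here; if any failure path of that helper returns false without populating the response, the client would presumably see a default success status for a rejected certificate replacement. The commit message describes a body check being added, but the diff only deletes a line, so a short comment would record the dependency, e.g. `// response already populated with 400 by the JSON reader in the condition above`. The remaining `BMCWEB_LOG_ERROR` logs a client input mistake at error severity; a lower level would keep malformed requests from filling the error log.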
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend
index e3bed9eb0d..8db6f9c7c5 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend
@@ -32,6 +32,7 @@ SRC_URI += "file://0001-Firmware-update-configuration-changes.patch \
file://0034-Update-odata.type-version-of-redfish-v1-AccountService.patch \
file://0035-Add-MemoryMetrics-schema-file.patch \
file://0036-PCIeFunctions-not-showing-in-Redfish.patch \
+ file://0037-Fix-certificate-replacement-URI-response-error-code.patch \
"
# OOB Bios Config:
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/pldmd.bb b/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/pldmd.bb
index 2ef0b4e95b..a1f3e00c6e 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/pldmd.bb
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/pmci/pldmd.bb
@@ -5,7 +5,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
SRC_URI += "git://git@github.com/Intel-BMC/pldmd.git;protocol=ssh;branch=1-release"
-SRCREV = "2c3522ec89828d5abed265b4f460e77b4c580ae4"
+SRCREV = "49d1cf2c4c581b9f860af826ef7c044ac12b8591"
S = "${WORKDIR}/git"
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/state/phosphor-post-code-manager/0001-Use-binary-serialization-instead-of-JSON.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/state/phosphor-post-code-manager/0001-Use-binary-serialization-instead-of-JSON.patch
new file mode 100644
index 0000000000..91992e2609
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/state/phosphor-post-code-manager/0001-Use-binary-serialization-instead-of-JSON.patch
@@ -0,0 +1,104 @@
+From 3f362d5e15dd3c20d1026bd814fe52b9793025e5 Mon Sep 17 00:00:00 2001
+From: Jonathan Doman
+Date: Wed, 23 Nov 2022 15:04:17 -0800
+Subject: [PATCH 1/2] Use binary serialization instead of JSON
+
+The binary format is much more efficient than JSON in terms of
+computational speed and disk space consumption. The former is important
+in case the host is sending a constant stream of POST codes.
+post-code-manager can fall behind because it takes too long to store
+each new POST code on disk, causing D-Bus messages to pile up and
+increase memory consumption inside dbus-broker.
+
+Tested:
+Rebooted the host a few times and observed that POST code history is
+populated normally in Redfish. After upgrading to this change, old POST
+code history stored in JSON format is lost, but remains on disk until it
+gets overwritten during subsequent host boots.
+
+Signed-off-by: Jonathan Doman
+Change-Id: Id55909a55d950e6e62b78b3333df687b4c582c42
+Signed-off-by: Manish Baing
+---
+ inc/post_code.hpp | 6 ------
+ src/post_code.cpp | 17 ++++++++++++-----
+ 2 files changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/inc/post_code.hpp b/inc/post_code.hpp
+index be800f2..3d790b8 100644
+--- a/inc/post_code.hpp
++++ b/inc/post_code.hpp
+@@ -18,12 +18,6 @@
+ #include
+ #include
+
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+ #include
+ #include
+ #include
+diff --git a/src/post_code.cpp b/src/post_code.cpp
+index 1fcbe55..dfe6ce7 100644
+--- a/src/post_code.cpp
++++ b/src/post_code.cpp
+@@ -17,6 +17,13 @@
+
+ #include "iomanip"
+
++#include
++#include
++#include
++#include
++#include
++#include
++
+ PostCodeDataHolder* PostCodeDataHolder::instance = 0;
+
+ void PostCode::deleteAll()
+@@ -129,18 +136,18 @@ fs::path PostCode::serialize(const std::string& path)
+ {
+ fs::path idxPath(path + strCurrentBootCycleIndexName);
+ std::ofstream osIdx(idxPath.c_str(), std::ios::binary);
+- cereal::JSONOutputArchive idxArchive(osIdx);
++ cereal::BinaryOutputArchive idxArchive(osIdx);
+ idxArchive(currentBootCycleIndex);
+
+ uint16_t count = currentBootCycleCount();
+ fs::path cntPath(path + strCurrentBootCycleCountName);
+ std::ofstream osCnt(cntPath.c_str(), std::ios::binary);
+- cereal::JSONOutputArchive cntArchive(osCnt);
++ cereal::BinaryOutputArchive cntArchive(osCnt);
+ cntArchive(count);
+
+ std::ofstream osPostCodes(
+ (path + std::to_string(currentBootCycleIndex)));
+- cereal::JSONOutputArchive oarchivePostCodes(osPostCodes);
++ cereal::BinaryOutputArchive oarchivePostCodes(osPostCodes);
+ oarchivePostCodes(postCodes);
+ }
+ catch (const cereal::Exception& e)
+@@ -163,7 +170,7 @@ bool PostCode::deserialize(const fs::path& path, uint16_t& index)
+ if (fs::exists(path))
+ {
+ std::ifstream is(path.c_str(), std::ios::in | std::ios::binary);
+- cereal::JSONInputArchive iarchive(is);
++ cereal::BinaryInputArchive iarchive(is);
+ iarchive(index);
+ return true;
+ }
+@@ -190,7 +197,7 @@ bool PostCode::deserializePostCodes(const fs::path& path,
+ if (fs::exists(path))
+ {
+ std::ifstream is(path.c_str(), std::ios::in | std::ios::binary);
+- cereal::JSONInputArchive iarchive(is);
++ cereal::BinaryInputArchive iarchive(is);
+ iarchive(codes);
+ return true;
+ }
+--
+2.17.1
+
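Review bot: `PostCode::deserialize` now returns `true` for whatever two bytes sit at the start of the file, because the binary archive carries no framing that `iarchive(index)` could reject, whereas the JSON archive would have failed on malformed input. The commit message says old JSON files stay on disk after the upgrade, so a leftover index file read before the first `serialize` would load as an arbitrary `uint16_t` rather than as an error; the surrounding try/catch and the callers are outside the hunk, so how that value is then used is not visible here. A range check after the load, such as `if (index > MAX_BOOT_CYCLE_COUNT) { return false; }` if that bound holds for every caller, or a small magic/version value written first by `serialize`, would make stale or truncated files fail closed. The same concern applies to `iarchive(codes)` in `deserializePostCodes`, where the element count itself comes from the file.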
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/state/phosphor-post-code-manager/0002-Max-post-code-file-size-per-cycle-setting.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/state/phosphor-post-code-manager/0002-Max-post-code-file-size-per-cycle-setting.patch
new file mode 100644
index 0000000000..679712d544
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/state/phosphor-post-code-manager/0002-Max-post-code-file-size-per-cycle-setting.patch
@@ -0,0 +1,63 @@
+From 4415432e32ac8cbc6ec59815a9b9893c2d832c07 Mon Sep 17 00:00:00 2001
+From: Bonnie Lo
+Date: Thu, 27 Oct 2022 17:14:55 +0800
+Subject: [PATCH 2/2] Max post code file size per cycle setting
+
+Let user could set POST code file size per cycle
+
+The default size is 512 counts
+
+Reason:
+BMC may crash caused by nonstop saving POST code when BIOS has
+some unusual behavior like PXE loop
+Thus, BMC should set a limit size to prevent this risk
+
+Test Case:
+Manually send POST code to check the POST code file rotation
+
+Signed-off-by: Bonnie Lo
+Change-Id: Ic7fbafe532a79123e6ae880a8a3506f9c397d933
+---
+ meson.build | 1 +
+ meson_options.txt | 1 +
+ src/post_code.cpp | 4 ++++
+ 3 files changed, 6 insertions(+)
+
+diff --git a/meson.build b/meson.build
+index 2c44f72..632e07e 100644
+--- a/meson.build
++++ b/meson.build
+@@ -16,6 +16,7 @@ conf_data = configuration_data()
+ conf_data.set_quoted('DBUS_OBJECT_NAME', '/xyz/openbmc_project/State/Boot/PostCode0')
+ conf_data.set_quoted('DBUS_INTF_NAME','xyz.openbmc_project.State.Boot.PostCode')
+ conf_data.set('MAX_BOOT_CYCLE_COUNT',get_option('max-boot-cycle-count'))
++conf_data.set('MAX_POST_CODE_SIZE_PER_CYCLE',get_option('max-post-code-size-per-cycle'))
+
+ if get_option('bios-post-code-log').enabled()
+ add_project_arguments('-DENABLE_BIOS_POST_CODE_LOG',language: 'cpp')
+diff --git a/meson_options.txt b/meson_options.txt
+index c3d63fd..d877b97 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -1,2 +1,3 @@
+ option('max-boot-cycle-count', type:'integer', min:1, max: 100, description: 'Maximum boot cycles for which the post codes should be persisted', value:100)
+ option('bios-post-code-log', type:'feature',description:'bios post code log',value:'disabled')
++option('max-post-code-size-per-cycle', type:'integer', min:64, max: 1024, description: 'Maximum post code file size per cycle', value:512)
+diff --git a/src/post_code.cpp b/src/post_code.cpp
+index dfe6ce7..8411718 100644
+--- a/src/post_code.cpp
++++ b/src/post_code.cpp
+@@ -102,6 +102,10 @@ void PostCode::savePostCodes(postcode_t code)
+ }
+
+ postCodes.insert(std::make_pair(tsUS, code));
++ if (postCodes.size() > MAX_POST_CODE_SIZE_PER_CYCLE)
++ {
++ postCodes.erase(postCodes.begin());
++ }
+ serialize(fs::path(strPostCodeListPath));
+
+ #ifdef ENABLE_BIOS_POST_CODE_LOG
+--
+2.17.1
+
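Review bot: The new option is named and described as a file size (`'Maximum post code file size per cycle'`), but `postCodes.size() > MAX_POST_CODE_SIZE_PER_CYCLE` in `savePostCodes` bounds the number of map entries, which matches the commit message's "512 counts". Someone sizing BMC storage from the option text would get the wrong figure, so the description should read something like `'Maximum number of POST codes kept per boot cycle'`. The guard also removes only one entry per insert; if `postCodes` can ever start above the limit (not visible in this hunk), `while` instead of `if` would restore the cap. `savePostCodes` begins and continues outside the hunk.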
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/state/phosphor-post-code-manager_git.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/state/phosphor-post-code-manager_git.bbappend
index f17d248068..3e52f6bde4 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/state/phosphor-post-code-manager_git.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/state/phosphor-post-code-manager_git.bbappend
@@ -1,2 +1,10 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+PROJECT_SRC_DIR := "${THISDIR}/${PN}"
+
#SRC_URI = "git://github.com/openbmc/phosphor-post-code-manager.git"
SRCREV = "987f91a6536e0330799cc5f4e54740c4023b5ef0"
+
+SRC_URI += "file://0001-Use-binary-serialization-instead-of-JSON.patch"
+SRC_URI += "file://0002-Max-post-code-file-size-per-cycle-setting.patch"
+
+
diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl_8.1.0.bb b/meta-openbmc-mods/meta-common/recipes-support/curl/curl_8.2.0.bb
similarity index 98%
rename from meta-openbmc-mods/meta-common/recipes-support/curl/curl_8.1.0.bb
rename to meta-openbmc-mods/meta-common/recipes-support/curl/curl_8.2.0.bb
index 0efd0de5c2..69597440f9 100644
--- a/meta-openbmc-mods/meta-common/recipes-support/curl/curl_8.1.0.bb
+++ b/meta-openbmc-mods/meta-common/recipes-support/curl/curl_8.2.0.bb
@@ -14,7 +14,7 @@ SRC_URI = " \
file://run-ptest \
file://disable-tests \
"
-SRC_URI[sha256sum] = "6bd80ad4f07187015911216ee7185b90d285ac5162aed1bded144f9f93232a3c"
+SRC_URI[sha256sum] = "2859ec79e2cd96e976a99493547359b8001af1d1e21f3a3a3b846544ef54500f"
# Curl has used many names over the years...
CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"