[OE-core][kirkstone 00/42] Pull request (cover letter only)

[Steve Sakoman <steve@sakoman.com>]

The following changes since commit 4760fac939a6204e3cb7dcd3699cd9a2508f9dee:

  devtool: process local files only for the main branch (2023-01-12 04:56:26 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-next
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-next

Alex Kiernan (1):
  classes: image: Set empty weak default IMAGE_LINGUAS

Alexander Kanavin (5):
  libksba: update 1.6.2 -> 1.6.3
  linux-firmware: upgrade 20221109 -> 20221214
  xwayland: upgrade 22.1.5 -> 22.1.7
  xserver-xorg: upgrade 21.1.4 -> 21.1.6
  selftest/virgl: use pkg-config from the host

Antonin Godard (2):
  busybox: always start do_compile with orig config files
  busybox: rm temporary files if do_compile was interrupted

Benoît Mauduit (1):
  lib/oe/reproducible: Use git log without gpg signature

Bhabu Bindu (1):
  qemu: Fix CVE-2022-4144

Bruce Ashfield (5):
  linux-yocto/5.15: ltp and squashfs fixes
  linux-yocto/5.15: fix perf build with clang
  linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
  linux-yocto/5.15: update to v5.15.84
  linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user
    copy

Chen Qi (2):
  dhcpcd: backport two patches to fix runtime error
  libseccomp: fix typo in DESCRIPTION

Daniel Gomez (1):
  gtk-icon-cache: Fix GTKIC_CMD if-else condition

He Zhe (1):
  lttng-modules: update 2.13.7 -> 2.13.8

Hitendra Prajapati (1):
  go: fix CVE-2022-41717 Excessive memory use in got server

Jan Kircher (1):
  toolchain-scripts: compatibility with unbound variable protection

Jermain Horsman (1):
  cve-check: write the cve manifest to IMGDEPLOYDIR

KARN JYE LAU (1):
  freetype:update mirror site.

Khem Raj (1):
  tiff: Add packageconfig knob for webp

Marta Rybczynska (1):
  cve-update-db-native: avoid incomplete updates

Martin Jansa (1):
  ffmpeg: refresh patches to apply cleanly

Narpat Mali (4):
  python3-setuptools: fix for CVE-2022-40897
  python3-wheel: fix for CVE-2022-40898
  python3-git: fix for CVE-2022-24439
  ffmpeg: fix for CVE-2022-3341

Pavel Zhukov (1):
  gcc: Refactor linker patches and fix linker on arm with usrmerge

Petr Kubizňák (1):
  harfbuzz: remove bindir only if it exists

Quentin Schulz (1):
  cairo: fix CVE patches assigned wrong CVE number

Randy MacLeod (1):
  vim: upgrade 9.0.0947 -> 9.0.1211

Ross Burton (1):
  cve-update-db-native: show IP on failure

Sandeep Gundlupet Raju (2):
  kernel-fitimage: Adjust order of dtb/dtbo files
  kernel-fitimage: Allow user to select dtb when multiple dtb exists

Saul Wold (1):
  at: Change when files are copied

Steve Sakoman (1):
  Revert "libksba: fix CVE-2022-47629"

Vivek Kumbhar (1):
  openssl: fix CVE-2022-3996 double locking leads to denial of service

Yash Shinde (1):
  glibc: stable 2.35 branch updates.

Yogita Urade (1):
  libksba: fix CVE-2022-47629

 meta/classes/cve-check.bbclass                |   6 +-
 meta/classes/gtk-icon-cache.bbclass           |   2 +-
 meta/classes/image.bbclass                    |   3 +-
 meta/classes/kernel-fitimage.bbclass          |  21 +-
 meta/classes/toolchain-scripts.bbclass        |   2 +-
 meta/lib/oe/reproducible.py                   |   3 +-
 meta/lib/oeqa/selftest/cases/runtime_test.py  |   2 +-
 .../dhcpcd/dhcpcd_9.4.1.bb                    |   2 +
 ...low-getrandom-sysctl-for-newer-glibc.patch |  30 ++
 ...sep-Allow-newfstatat-syscall-as-well.patch |  31 ++
 .../openssl/openssl/CVE-2022-3996.patch       |  43 ++
 .../openssl/openssl_3.0.7.bb                  |   1 +
 meta/recipes-core/busybox/busybox.inc         |  26 +-
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../recipes-core/meta/cve-update-db-native.bb |  88 +++-
 meta/recipes-devtools/gcc/gcc-11.3.inc        |   1 -
 ...rm-add-armv9-a-architecture-to-march.patch |  89 ++--
 ...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 269 +++++++---
 ...s-fix-v4bx-to-linker-to-support-EABI.patch |  10 +-
 ...019-nios2-Define-MUSL_DYNAMIC_LINKER.patch |  25 -
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 .../go/go-1.18/CVE-2022-41717.patch           |  89 ++++
 ...-git-CVE-2022-24439-fix-from-PR-1518.patch |  97 ++++
 ...-git-CVE-2022-24439-fix-from-PR-1521.patch | 488 ++++++++++++++++++
 .../python/python3-git_3.1.27.bb              |   4 +
 ...-of-whitespace-to-search-backtrack.-.patch |  31 ++
 .../python/python3-setuptools_59.5.0.bb       |   1 +
 ...tential-DoS-attack-via-WHEEL_INFO_RE.patch |  32 ++
 .../python/python3-wheel_0.37.1.bb            |   4 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2022-4144.patch             |  99 ++++
 meta/recipes-extended/at/at_3.2.5.bb          |   6 +-
 .../cairo/cairo/CVE-2019-6461.patch           |  46 +-
 .../cairo/cairo/CVE-2019-6462.patch           |  46 +-
 .../freetype/freetype_2.11.1.bb               |   2 +-
 .../harfbuzz/harfbuzz_4.0.1.bb                |   6 +-
 ...possible-memleaks-in-XkbGetKbdByName.patch |  63 ---
 ...ntedString-against-request-length-at.patch |  38 --
 ...-xorg_21.1.4.bb => xserver-xorg_21.1.6.bb} |   4 +-
 ...{xwayland_22.1.5.bb => xwayland_22.1.7.bb} |   2 +-
 ...20221109.bb => linux-firmware_20221214.bb} |   4 +-
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +-
 ...ules_2.13.7.bb => lttng-modules_2.13.8.bb} |   2 +-
 ...c-stop-accessing-out-of-bounds-frame.patch |  19 +-
 ...c-stop-accessing-out-of-bounds-frame.patch |   7 +-
 ...-vp3-Add-missing-check-for-av_malloc.patch |  12 +-
 ...ec-Add-check-for-avformat_new_stream.patch |  67 +++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |   3 +-
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   1 +
 .../libksba/ksba-add-pkgconfig-support.patch  |   6 +-
 .../{libksba_1.6.2.bb => libksba_1.6.3.bb}    |   2 +-
 .../libseccomp/libseccomp_2.5.3.bb            |   2 +-
 meta/recipes-support/vim/vim.inc              |   4 +-
 55 files changed, 1479 insertions(+), 404 deletions(-)
 create mode 100644 meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch
 create mode 100644 meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0019-nios2-Define-MUSL_DYNAMIC_LINKER.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41717.patch
 create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch
 create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
 create mode 100644 meta/recipes-devtools/python/python3-wheel/0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.4.bb => xserver-xorg_21.1.6.bb} (80%)
 rename meta/recipes-graphics/xwayland/{xwayland_22.1.5.bb => xwayland_22.1.7.bb} (95%)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20221109.bb => linux-firmware_20221214.bb} (99%)
 rename meta/recipes-kernel/lttng/{lttng-modules_2.13.7.bb => lttng-modules_2.13.8.bb} (94%)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch
 rename meta/recipes-support/libksba/{libksba_1.6.2.bb => libksba_1.6.3.bb} (94%)

-- 
2.25.1